Data-breach Legislation On The Agenda

Rep. James Sensenbrenner (R-Wis.), chairman of the House Judiciary Committee, has introduced the Cybersecurity Enhancement and Consumer Data Protection Act of 2006, which would require notification of government officials–but not of those affected–any time a computer breach exposes data for 10,000 or more individuals. Data-breach bills have previously been introduced by the House Financial Services Committee and the House Commerce Committee, with varying requirements for notification. In the Senate, two bills have been introduced in the Judiciary Committee and a third in the Commerce Committee. Some observers are concerned that the competing federal legislation, which would likely supersede any state laws concerning data-breach disclosure, risks being reconciled into a law that would be worse than if no law were passed. Susanna Montezemolo of the Consumers Union expressed support for one of the Senate bills, the Personal Data Privacy and Security Act, which has been approved by committee and is waiting for a vote in the full Senate.

Internet News, 12 May 2006