Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comIs a Federal Data Breach Notification Law on the Horizon?
Author: Scarinci Hollenbeck, LLC|April 18, 2014
Is a Federal Data Breach Notification Law on the Horizon?
Nearly all 50 states have data breach notification laws in place. Generally, these laws dictate how private and government entities must notify individuals of data breaches involving personally identifiable information, commonly referred to as PII.
However, when a widespread data theft occurs and impacts customers across the country, there is no singular response procedure required. The lack of a single federal response statute puts both companies and consumers at a disadvantage. Most notably, corporations must comply with a patchwork of local and federal legislation rather than one federal standard. For consumers, this often slows down the notification process considerably.
In the wake of the high-profile Target data breach, Attorney General Eric Holder called on Congress to create a strong, national standard for quickly notifying consumers that they may have fallen victim to a cyberattack.
Holder stated in a press release: “Today, I’m calling on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised. This would empower the American people to protect themselves if they are at risk of identity theft. It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe. And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly.”
At least one bill is currently pending in Congress. The Data Security Act, sponsored by Senators Tom Carper (D-Del.) and Roy Blunt (R-Mo.), includes measures companies must take to protect sensitive customer data as well as methods by which businesses must notify customers when breaches occur. Given the importance of this issue to New York and New Jersey businesses, we will closely monitor proposed data breach notification legislation. In the meantime, we encourage companies to bolster their own internal procedures. For specific tips, please see, Is Your New York Business Prepared to Stop a Data Breach?
If you have any questions about this post or would like to discuss the issues involved, please contact me, Cyber Jurist Fernando Pinguelo, or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouseWatch – Where Law, Technology, & Politics Collide.
Key Contacts
Let`s get in touch!
Related Posts
NJ OAG Enforcement Action Highlights Cyber Risks for Real Estate and Financial Companies That Failed to Protect Against Identity Theft
Are QR Codes Convenient or Risky? What Your Business Needs to Know
What’s a Credential Stuffing Cyberattack and Is Your Business Vulnerable?
Year in Review: Top Cybersecurity Law Developments in 2021
Is a Federal Data Breach Notification Law on the Horizon?
Author: Scarinci Hollenbeck, LLC
Nearly all 50 states have data breach notification laws in place. Generally, these laws dictate how private and government entities must notify individuals of data breaches involving personally identifiable information, commonly referred to as PII.
However, when a widespread data theft occurs and impacts customers across the country, there is no singular response procedure required. The lack of a single federal response statute puts both companies and consumers at a disadvantage. Most notably, corporations must comply with a patchwork of local and federal legislation rather than one federal standard. For consumers, this often slows down the notification process considerably.
In the wake of the high-profile Target data breach, Attorney General Eric Holder called on Congress to create a strong, national standard for quickly notifying consumers that they may have fallen victim to a cyberattack.
Holder stated in a press release: “Today, I’m calling on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised. This would empower the American people to protect themselves if they are at risk of identity theft. It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe. And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly.”
At least one bill is currently pending in Congress. The Data Security Act, sponsored by Senators Tom Carper (D-Del.) and Roy Blunt (R-Mo.), includes measures companies must take to protect sensitive customer data as well as methods by which businesses must notify customers when breaches occur. Given the importance of this issue to New York and New Jersey businesses, we will closely monitor proposed data breach notification legislation. In the meantime, we encourage companies to bolster their own internal procedures. For specific tips, please see, Is Your New York Business Prepared to Stop a Data Breach?
If you have any questions about this post or would like to discuss the issues involved, please contact me, Cyber Jurist Fernando Pinguelo, or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouseWatch – Where Law, Technology, & Politics Collide.
