Federal and state privacy and data security laws affect nearly every industry ranging from healthcare providers to financial institutions to start-ups. One federal bill that could bring clarity to varied state laws and regulations is the Data Security and Breach Notification Act of 2015 originally co-sponsored by Representatives Marsha Blackburn (R-TN) and Peter Welch (D-VT). If passed, it will change how companies, non-profit organizations, and common carriers handle data breach notifications from trying to comply with an uneven quilt of state laws to a single, enforceable, uniform standard.
There are two important provisions in this Act. First, this federal law would preempt all existing state data breach notification laws, providing a single uniform rule for what to do when a company discovers a data breach. Second, the rules for data breach notification are well defined for all companies. For example, the bill states what information a company will need to provide in its data breach notice, how notification should happen (even when some of the contact information for data breach victims is outdated), and when it should take place (not later than 30 days after the entity has investigated and secured its system).
Continue reading Feds Attempt To Preempt Conflicting State Laws On Data Breaches