Please ensure Javascript is enabled for purposes of website accessibility

Data breach measure introduced in Congress

By: DOLAN MEDIA NEWSWIRES//September 27, 2011//

Data breach measure introduced in Congress

By: DOLAN MEDIA NEWSWIRES//September 27, 2011//

Listen to this article

By Correy Stephenson
Dolan Newswires

A bill that would require organizations processing the personal information of more than 10,000 people to put data protection requirements in place has been introduced in the Senate.

The Personal Data Protection and Breach Accountability Act, S.1535, was introduced by Sen. Richard Blumenthal, D-Conn. It would require covered organizations to submit to testing of their controls and systems and set notification requirements in case of a data breach.

Testing would consider what systems are in place to prevent and respond to intrusions or attacks. The law would allow consumers to bring civil actions if their information is breached. Companies would also be required to pay for two years of credit monitoring.

The Justice Department would be empowered to fine companies in violation of the law $5,000 per violation per day, up to a maximum of $20 million per violation. Criminal penalties for identity theft and related crimes would also be increased.

Under the notification provisions, companies would be required to notify consumers if their data was breached “without unreasonable delay” following the discovery of the breach.

The law would preempt existing state laws addressing data breach. Currently, 49 states have their own laws on the books, making for a patchwork of legislation across the country.

Polls

Should Steven Avery be granted a new evidentiary hearing?

View Results

Loading ... Loading ...

Legal News

See All Legal News

WLJ People

Sea all WLJ People

Opinion Digests