Congressman J. Randy Forbes (R-VA) has prepared a draft data breach notification bill that serves as the best effort this year to eliminate the patchwork of state data breach notification laws. The bill would require “entities that acquire, maintain, store or utilize personal information” to report a data breach of customer information within 14 days of the breach. An entity that provides customer notice would be considered in compliance with the proposed rule.
The proposed rule also would impose a fine of up to $500,000 for failing to comply with the law. An entity that “intentionally violated” the notice requirements could be fined up to $1 million. Most importantly, the provision prohibits private rights of action, and it preempts all state and local data breach notification requirements.
Forbes will seek to introduce the bill in April for markup. However, this bill has a long way to go before it ever becomes law. We suspect that once this bill generates traction it will generate detractors who would prefer that a national data breach notification law mirror the California state data breach notification rules, which are significantly stricter in terms of how data breach is defined, including the triggers for customer notice and the severity of fines. In the meantime, CompTIA will work with the industry to build support for Forbes’ proposed data breach bill.
Legislation Seeks to Eliminate the Patchwork of State Data Breach Notification Laws
Email us at [email protected] for inquiries related to contributed articles, link building and other web content needs.
Read More from the CompTIA Blog
Newest on top
Oldest on top