Feds get tough on data breaches
December 8, 2009 by Steve HannafordPosted in: Regulations & Compliance, Special Report
A major new federal data security law (Personal Data Privacy and Security Act of 2009) is gaining steam and is going to set new, more precise rules for the management and safekeeping of corporate and government data.
It may seem like Congress is unable to get anything passed these days, when inter-party wrangling and threats of filibuster seem to tie most federal legislation in knots. But the new act has just cleared a major hurdle, the Senate Judiciary Committee, with an overwhelming bipartisan vote.
The details are likely to change as the bill progresses, but there is no doubt that new, tougher rules on handling data breaches are on the way. Among the provisions likely to be included:
- New stiffer federal penalties for identity theft
- The establishment of an Office of Federal Identity Protection will be established as part of the Federal Trade Commission (FTC), which will monitor data breaches and enforce identity theft laws
- A new standard for breach notification. Companies and government entities will have to notify all individuals whose data has been compromised. In some cases, credit rating agencies and the US Secret service will also need to be notified
- New standards for data protection including encryption and safe data storage will allow for some exemptions form the notification requirements, and
- Executives of companies that willfully avoid indication may be subject to criminal penalties.
While the new strictures might be harsh, they will likely replace a patchwork of 45 state regulations currently on the books, allowing companies to follow one single set of procedures and safeguards nationwide.
For more info look here.
And here.
DocuCrunch.com delivers the latest IT and Imaging news once a week to the inboxes of over 200,000 IT and Imaging professionals.
Click here to sign up and start your FREE subscription to DocuCrunch!
Loading ...
February 23rd, 2010 at 10:18 am
[...] mandate protection of employee dataFeds get tough on data breachesData breaches: Will we ever learn?Is free anti-virus software worth the [...]
March 29th, 2010 at 2:47 pm
[...] Congress is also considering passage of the Personal Data Privacy and Security Act of 2009, which would place more specific data protection mandates on [...]