Monday, August 13, 2012

DATA Act protection: Effects of a federal breach notification law

The federal Data Accountability and Trust Act, should it become law, would mandate new breach notification requirements. What does this mean for enterprises? This article will look at the new reporting requirements and examine when and how your organization will have to report a breach to the FTC and what new steps you’ll have to institute to comply.

DATA has passed in the House of Representatives and is awaiting Senate approval. Designed to protect personally identifiable information (PII) from misuse, the DATA Act would be similar to many existing state identity data breach notification laws requiring organizations that are entrusted with PII to report breaches promptly once they are discovered.

The business benefit of the proposed federal breach notification law is that it would
supersede the 48 existing state and territory laws that vary in their definitions of personal information, specify different notification methods and differ in their requirements for preventive and detective controls.

No comments: