Feinstein proposes tougher breach notification law

Share this article:

Sen. Dianne Feinstein (D-Calif.) on Monday toughened her proposal to require organizations to notify people of breaches that compromise their personal data.

In January, Feinstein introduced a bill based on California's security breach notification law. But after a string of recent data breaches and in working with privacy-rights advocates, Feinstein said in a statement that she decided "more needed to be done to protect Americans."

The new version of the bill is stronger than the California law in several ways, according to Feinstein. While California's law covers unencrypted electronic data, her bill covers both electronic and non-electronic data and encrypted and unencrypted data.

It also allows individuals to put a seven-year fraud alert on their credit report, and addresses what Feinstein calls a major loophole in California's law by laying out specific requirements for what must be included in notices.

Her bill also carries stiffer civil penalties - $1,000 per individual an organization failed to notify or not more than $50,000 per day while an organization fails to notify anyone. The legislation allows exceptions for law enforcement or national security purposes.

"The fact of the matter is that your buying habits, your bank accounts, your Social Security number, your drivers license - all of your personal data - today is being collected, collated, distributed, bought, sold - without your knowledge or consent," Feinstein said.

"We desperately need a strong national standard that says whenever a data system is breached, everyone who is at risk of identity theft must be notified."

A Senate Judiciary Committee is scheduled to hold a hearing on Feinstein's bill Wednesday.


Share this article:

Next Article in News

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.