Rockefeller, Pryor introduce federal data security law

Two senators on Thursday introduced a national data breach notification bill that also would force businesses to create measures to protect sensitive information under their control, according to a news report.

The legislation, introduced Thursday by Sens. Mark Pryor, D-Ark., and John Rockefeller, D-W.Va., would require organizations to alert victims of a breach within 60 days and provide them with two years of credit monitoring services, according to the National Journal's Tech Daily Dose blog.

In addition, businesses and nonprofits would have to implement policies and procedures to protect their data, the blog post said.

Representatives for Pryor and Rockefeller did not immediately respond to requests for comment by SCMagazineUS.com. 

Last month, Sens. Tom Carper, D-Del., and Bob Bennett, R-Utah, reintroduced a similar bill

"The Data Security Act of 2010 would require entities such as financial establishments, retailers, and federal agencies to safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud," said a news release. "These new requirements would apply to retailers who take credit card information, data brokers who compile private information and government agencies that possess nonpublic personal information."

A national data breach notification law has been in the works for a number of years. Several versions have made the rounds, but nothing ever has cleared both chambers.

This mainly has been due to other Congressional priorities and, more specific to the bills, disagreement over what constitutes a suitable threshold to report a breach. The lack of a federal measure has given way to a hodgepodge of state laws, 46 to be exact.