Two data breach laws pass Senate Judiciary Committee
Two federal data security laws have cleared the U.S. Senate Judiciary Committee.
The committee on Thursday voted to approve both the Personal Data Privacy and Security Act of 2009, sponsored by committee Chairman Sen. Patrick Leahy, D-Vt., and the Data Breach Notification Act, endorsed by California Sen. Dianne Feinstein, D-Calif.
Leahy's bill requires that breached organizations notify individuals whose personal information was compromised. Entities do not have to report the incident if the exposed data was encrypted or somehow rendered useless.
Right now, breach alert mandates are handled at the state level, where 45 states have passed similar laws. A federal law would supersede those.
Leahy's legislation also would increase penalties for identity thieves and organizations that try to cover up breaches; provide individuals access to personal information held by data brokers; require companies maintaining personal data to establish security policies; and propel government to create security rules when dealing with data brokers.
Feinstein's legislation also imposes notification requirements for businesses and federal agencies. The bill comes with a "safe harbor" clause under which organizations do not need to report the breach if a risk assessment determined the incident would not cause harm to consumers.
In a letter to Leahy and the Judiciary Committee, Symantec CEO Enrique Salem said he supported the bills, adding that they will provide a clear standard for data-breach notification amid all of the disparate state laws.
"We commend your committee's recognition of the importance of providing national standards for better security safeguards in order to prevent breaches from occurring and for notification should a real risk of harm exist," Salem wrote.
The full Senate is expected to vote on both bills at a later date.
Experts believe both pieces of legislation have high chances of being approved because they carry bipartisan support. However, Leahy's bill cleared the committee in 2006 and 2007, but it never made it to the Senate floor for a vote. Feinstein first introduced her bill in January 2005.