Compliance Management, Critical Infrastructure Security, Privacy, Security Strategy, Plan, Budget

From IAPP’s Practical Privacy Series: Will Congress act on notification legislation?

Nearly six months into the term of the 110th Congress, its unclear whether significant federal breach notification legislation will be passed before the November 2008 general election, breach experts said today.

Milo Cividanes, a partner at Venable LLC., said today that with eight bills in either U.S. House or Senate committee, it's far from a done deal that a notification bill will be passed by January 2009.

"You would've thought that with all of the headlines in 2005," Congress would have passed notification legislation," Cividanes said, speaking at the International Association of Privacy Professionals' Practical Privacy Series, held today in New York City.

It's uncertain "whether we are going to get legislation out of this Congress, or whether [a notification law] would get bunched in with some other privacy legislation," he said. "It is not clear if Congress will bring relief to this area anytime soon."

Cividanes said it was also unclear how any new federal legislation would affect local breach notification laws. Thirty-eight jurisdictions, including states and territories, have passed such laws.

In recent years, especially since the landmark ChoicePoint breach of 2005, the prevention of data breaches has become an information security priority. The Privacy Rights Clearinghouse has estimated that breaches have compromised the personal information of more than 155 million Americans.

Meanwhile, William J. Cook, chairman of business continuity and security practices at Wildman, Harrold, Allen and Dixon LLP, urged businesses to use the U.S. Secret Service and other federal agencies as resources in the event of a data breach — many of which are the result of routine thefts.

"Probably a laptop that was stolen was [stolen by] someone who has a drug problem, or it was just a smash and grab situation," he said, adding that victimized companies should immediately investigate to see whether any regulations have been violated.

Cook also said that customer lawsuits following a breach would become more frequent.

"This is something that we're going to have to live with for the foreseeable future," he said.

 

 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.