Draft data breach bill requires quick disclosure

WASHINGTON Mon Jun 13, 2011 7:01pm EDT

WASHINGTON (Reuters) - Draft legislation is being circulated in Congress that would require firms to make reasonable efforts to secure customers' personal data and to provide quick disclosures in the case of a data breach.

Representative Mary Bono Mack, who has held hearings to scold Sony Corp for delays in telling customers about lost data, released a discussion draft of the bill on Monday.

The proposed legislation also requires companies to begin erasing personal data once it is no longer needed, eliminating the possibility that it could be stolen in a hacking attack.

In the case of a data breach, companies must notify law enforcement within 48 hours, according to the bill. If data is lost that could be used to steal a customer's identity, the company must notify the Federal Trade Commission within 48 hours and begin contacting the customers involved.

"E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it - and that starts with robust cyber security," said Bono Mack, who chairs the House subcommittee on Commerce, Manufacturing and Trade.

"Consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them," she said in a statement.

In the Senate, Majority Leader Harry Reid has asked four Senate committees to pull together a comprehensive cybersecurity bill. He hopes it will be brought to the floor by late summer.

Major elements of the Senate bill, which is in the process of being drafted, include: the creation of an office within the executive branch to oversee cyber policy; creation of an office in the Department of Homeland Security to share information on threats; ensuring federal computer systems are safe by continually monitoring them and creating incentives for the private sector to improve their cybersecurity.

There has been a steady stream of hacks, data breaches and computer break-ins in the past few months, including a major cyber attack on the International Monetary Fund. One hacker group claimed the Senate as its latest victim.

(Reporting by Diane Bartz; Editing by Tim Dobbyn)

Comments (1)
horn001 wrote:
This is such a joke! Reasonable effort! This is safe harbor which was eliminated from the Obama security act of 2009. All they are trying to do is bring back safe harbor so to minimize exposure and cost associated with the fact they did not do what they should have done to begin with. What they want is to make it cheaper to pay a fine and limit exposure than to bring systems up to date and acquire security they know they need and make companies accountable for putting profits over security. Typical!

Jun 15, 2011 11:27am EDT