New Urgency to Update Data Security Legislation

In the wake of high profile data breaches at companies such as Sony and Citibank, there is new urgency to get legislation in place to increase the protection and penalties related to business’ fiduciary duty to protect client information. Rep. Mary Bono Mack, R-Calif., has released a new version of legislation aimed at addressing some of the concerns with a draft measure setting national rules for when companies and organizations must notify federal authorities and consumers after a data breach.

The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade is set to mark up the bill Wednesday. Mack, the subcommittee’s chairwoman, made several changes to a draft measure she released last month in response to concerns raised at a June 15th hearing by committee Democrats, privacy advocates and the Federal Trade Commission.

Bono’s guiding principle is that consumers should be promptly informed when their personal information has been jeopardized. In a recent statement, she emphasized we need a uniform national standard for data security and data breach notification.

Bono Mack’s bill requires companies that possess personal data about consumers to take adequate steps to safeguard that information and notify federal authorities and consumers following a breach.

Under the draft bill, the committee required companies to notify consumers and the FTC within 48 hours of a breach after doing a risk assessment.

The latest version still requires that consumers and the FTC be notified within 48 hours but only if they are at risk for identify theft or fraud as a result of the breach. At any rate, notification must come within 45 days of the discovery of a breach.

According to Bono’s spokesman, Ken Johnson, other changes made to the draft bill include providing more precise language for identifying individuals who are affected by a breach and in defining what constitutes a data breach.

On-site shredding is a key component for comprehensive data security. Outsourcing is often the most cost effective and reassuring method. More information at

by Judith