Senate bill's national standard of 'reasonable measures' for security, no deadline for disclosure criticized
The hand of government is not all that heavy on businesses when it comes to notification requirements about data breaches that affect personal information. And it looks like it won't get much heavier, even if a bill sponsored by U.S. Sen. Pat Toomey (R-Pa.) and four other Republican senators becomes law. It could even be a bit lighter.
While the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission (FTC) require notification of health information breaches within 60 days, the pending bill doesn't even specify a deadline.
But the Data Security and Breach Notification Act of 2012, introduced last Thursday by Toomey and Sens. Olympia Snowe (Maine), Jim DeMint (S.C.), Roy Blunt (Mo.) and Dean Heller (Nev.), would set a national standard for data breach notification. That would trump a system in which 46 states, Washington, D.C., Puerto Rico and the Virgin Islands all have different laws.
------------------------------------------------------
Source: CSO
By: Taylor Armerding
