Eric Chabrow reports:
The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.
The Personal Data Privacy and Security Act, or S. 1490, designates as fraud unauthorized access of sensitive personally identifiable information, which would lead to racketeering charges. The measure, sponsored by Committee Chairman Patrick Leahy (at left), D.-Vt., also would prohibit concealment of security breaches involved in fraud and prohibit the dismissal of a Chapter 7 bankruptcy case if the debtor is an identity-theft victim.
The other measure, the Data Breach Notification Act, or S. 139, would require federal agencies and businesses engaged in interstate commerce to notify American residents whose personal information is accessed when a security breach occurs. An exception: if notification would hinder national security or a law enforcement investigation. S. 139, sponsored by Sen. Dianne Feinstein, D.-Calif., also would require notice to the Secret Service if records of more than 10,000 individuals are obtained or if the database breached has information on more than 1 million people, is owned by the federal government, or involves national security or law enforcement.
Read more on GovInfoSecurity.com