DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Senators re-introduce bill to improve security, require notification of breaches

Posted on July 14, 2010 by Dissent

The press release issued by the Senators:

Today Senator Tom Carper (D-Del.) joined Senator Bob Bennett, (R-Utah) to re-introduce legislation that helps protect consumers and businesses from identity theft and account fraud.

“It seems nearly every other day there is a report of consumers’ highly sensitive personal information being compromised by a store, a school, or some third party data center,” said Carper. “In a 2009 incident, Heartland Payment Systems – a national company that processes payments for retailers and restaurants located in nearly all 50 states — was hacked, leaving possibly 100 million people at risk of identity fraud or financial theft. Unfortunately this story is all too familiar, as millions of Americans are at risk for identity theft because of the vulnerability surrounding sensitive personal information. At the very least, identity fraud can cause worry and confusion, and at the very most it can cause serious financial harm. We need to replace the current patchwork of state and federal regulations for identity theft with a national law that provides uniform protections across the country. This comprehensive approach will better serve consumers by making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud.”

“We live in an Information Age where technology provides greater ease and business opportunities for Americans, but also increases the ability for criminals to exploit any weak link in the cyber world,” said Bennett. “I am pleased to reintroduce this bill along with Senator Carper to help strengthen networks and ensure that personal information is protected. In the event that protection is violated, putting victims of identity theft or account fraud at risk, it provides a much needed uniform national standard for data security and breach notification.”

The Data Security Act of 2010 would require entities such as financial establishments, retailers, and federal agencies to safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud. These new requirements would apply to retailers who take credit card information, data brokers who compile private information and government agencies that possess nonpublic personal information.

Today, more than 46 states have enacted security breach notification laws. Many states have inconsistent and conflicting standards, forcing businesses to comply with multiple regulations, and leaving many consumers without proper recourse and protections.

The Data Security Act of 2010 is modeled after the data security and breach-response regime established under the Gramm-Leach-Bliley Act of 1999, and subsequent regulations. It builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied. Regulators of entities who do not comply would have the authority to levy finds, require corrective measures or even bar individuals from working in their respective industries.

While I like the idea of a unifying law that would cross over sectors, I do not like the “substantial” risk standard. That’s the wrong standard, Senators, as we’ve seen too many cases where entities did not believe that there was any significant risk of harm and yet there was harm.

Category: Breach Laws

Post navigation

← (update) Conn. AG wants teachers board to explain lost data
Oregon State U. notifies 34,000 of computer virus →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.