Data-Breach Disclosures May Decline 50% Under Proposed Bills

Posted on by Dissent

Corporate disclosures of data breaches involving U.S. consumers’ personal information may fall by 50 percent under legislation before Congress.

House and Senate lawmakers have introduced at least five data-security bills this year requiring businesses to notify customers of intrusions if there is a “reasonable risk” that personal data including credit-card and Social Security numbers may have been stolen.

The measures, which don’t define the reasonable risk that triggers a mandatory notification, would supplant laws in 13 jurisdictions including California and Texas that obligate companies to disclose any breach of a system storing personal information.

“A national bill with a harm threshold will likely lead to less notification because the trigger to report has been raised,” Aaron Simpson, a privacy lawyer and partner at Hunton & Williams LLP in New York, said in an interview with Bloomberg Government.

Read more from Bloomberg on SFGate.com

No related posts.

Category: Commentaries and AnalysesFederalLegislationOf Note

2 thoughts on “Data-Breach Disclosures May Decline 50% Under Proposed Bills

  1. Under what theory of Separation of Powers would a Federal law “supplant” state laws on this topic?

    Please indicate which Article and Section of the United States Constitution grants authority over this topic to the Federal government, over-riding the 10th Amendment’s directive that “all powers not delegated to the United States … are reserved to the states respectively, or to the people”?

    Federal supremacy over the states is a MYTH propagated by usurpers in the Federal government. It’s time we exposed such claims for the power-grabs that they are. Shame on the author for playing along!

    1. see the Dormant commerce clause, effectively granting congress the right to regulate interstate commerce, and the way it has been interpreted over the years, it means congress gets to regulate, uh, well, everything it wants to 🙂

      However, data breach laws really should fall within the purview of interstate commerce. Any time congress pre-empts state law, it raises and lowers the bar at the same time, depending on the state law it preempts.

      not saying I agree with the power grab, but it’s been that way for a really long time

Comments are closed.