Tanya Forsheit writes:
Many of us have watched over the past few years as dozens of proposed federal data security and breach notification bills have been introduced, often with bipartisan support, but have failed to become law. This year has seen many of the usual proposals. For those of you keeping track, this year’s bills include: Rep. Rush’s Data Accountability and Trust Act — HR 2221; Sen. Leahy’s Personal Data Privacy and Security Act – S. 1490; Sen. Feinstein’s Data Breach Notification Act – S. 139; and Sens. Carper’s and Bennett’s “Data Security Act of 2010” – S. 3579. However, 2010 has also seen new and expansive proposals for broad and far-reaching data privacy legislation, including Rep. Boucher’s “discussion draft” and Rep. Rush’s “Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards” Act (or “BEST PRACTICES Act”).
Most recently, on August 5, Sens. Pryor and Rockefeller introduced the “Data Security and Breach Notification Act of 2010” – S. 3742 (hereinafter “S. 3742” or the “Act”). S. 3742 is much more akin to the more traditional proposed breach notification and data security legislation mentioned above, and not nearly as ambitious as the draft Boucher Bill or the BEST PRACTICES Act. This post summarizes the key provisions in S. 3742.
Read her analysis on Information Law Group.