Not surprisingly, states are responding to the Equifax breach, but they are taking different approaches. Here are how two states are responding:
Law.com reports that in New York:
Attorney General Eric Schneiderman is proposing comprehensive legislation to tighten data security laws and expand protections.
The Stop Hacks and Improve Electronic Data Security Act, introduced this week in the Legislature, would require companies that handle New Yorkers’ sensitive data to adopt “reasonable administrative, technical and physical protections for data” regardless of where the company is headquartered, Schneiderman’s office said in a news release Thursday. It would cover credit reporting agencies such as Equifax as well as many other types of companies that collect personally identifiable information on individuals.
And Vermont Public Radio reports:
Chittenden County Sen. Michael Sirotkin says he heard from more constituents about the Equifax breach than almost any other issue he’s dealt with as a lawmaker. Sirotkin says he’s now putting the finishing touches on legislation that would give Vermonters new legal options for similar breaches in the future.
“So what that means is that consumers will have a private right of action, if this bill passes, where they will be able to get their damages for their time and expense and their attorneys’ fees and the cost of repairing the problem,” Sirotkin said Thursday at a press conference announcing the legislation.