David Lazarus has some unflattering words for a bill introduced in Congress by Representatives Blaine Luetkemeyer and Carolyn Maloney. Indeed, the Data Acquisition and Technology Accountability and Security Act might be more aptly named the “Businesses Get Out of Jail Free Pass and Screw The Consumers Act of 2018.”
Well, ok, I grant you that that title is a bit long. Anyway, Lazarus writes:
This week, a congressional hearing was held on a draft bill aimed at creating a national standard for breach notifications. It’s a dubious piece of legislation for a number of reasons, not least that it would exclude Equifax and other credit agencies from its requirements.
No less troubling, it would exempt all banks and financial institutions, and would require notification by retailers and other businesses only if they believe there’s “a reasonable risk that the breach of data security has resulted in identity theft, fraud or economic loss” to consumers.
No harm, apparently, no foul. And hence no notification that the company’s system had been hacked.
Read more on the Los Angeles Times.