The Federal Trade Commission today told a Senate Subcommittee that it supports proposed legislation that would require many companies to use reasonable data security policies and procedures and require those companies to notify consumers when there is a security breach. In testimony before the Committee on Science, Commerce, and Transportation Subcommittee on Consumer Protection, Product…
Category: Breach Laws
Pointer: Senate report on S. 139
The report on S. 139, introduced by Senator Feinstein, is available here (pdf). Three Republican senators express concerns in the report.
Senate hearing on S.3742: Data Security and Breach Notification Act of 2010
The Consumer Protection, Product Safety, and Insurance Subcommittee of the Senate Committee on Commerce, Science, and Transportation will be holding a legislative hearing on S.3742, the Data Security and Breach Notification Act of 2010 (pdf): Sep 22 2010, 2:30 PM, Russell Senate Office Building – 253.
More on the Connecticut Insurance Department Bulletin on Breach Notification
Tanya Forsheit provides an analysis and commentary on the new breach notification requirements from the Connecticut Insurance Commission that I’ve mentioned on this blog previously (here) and clarified on PHIprivacy.net. You can read her analysis on InformationLawGroup.
Connecticut Insurance Commissioner Announces Data Breach Notification Mandate
Joseph Lazzarotti of Jackson Lewis writes: On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25, which mandates that entities within its jurisdiction notify the Department of Insurance of any “information security incident.” This post provides a brief summary of this new requirement. […] What is an “information security incident”? Under this Bulletin, an information security…
Data breach fines will not stop the rot
Over in the U.K., John E. Dunn discusses some hefty fines that have been levied following data breaches, but comments: The public gets to hear about the punishment but a lot is left behind a curtain of secrecy. This is wrong and possibly dangerous. What the UK lacks is not punishments but a basic data…