May 15, 2015 – We’ve been telling our readers for years that federal data breach law proposals aren’t what they are cracked up to be. Quite frankly, every single federal proposal that we’ve seen stinks! In the latest push to come up with a law that would regulate data breach notifications nationwide, congress appears to be determined to take an already poorly written proposal and make it considerably worse by exempting some data breaches from any notification requirements.
The idea of a federal data breach notification law wouldn’t be horrible if it was simply a minimal standard. After all, there are still a couple of states that don’t have their own data breach notification laws. But that isn’t the idea hear. The law being written right now would usurp all state data breach notification laws currently on the books. The end result will be that consumers nationwide will be significantly more exposed to data breaches for which they will never receive any notification at all.
The latest proposal would allow companies involved in a data breach decide if there was a significant risk of identity theft as a result of the breach. If they determine that ID theft is unlikely, then they wouldn’t have to notify consumers. In essence, the proposal would make the decision to notify consumers of any breach up to the sole discretion of the company involved in the breach. Apparently, consumers aren’t supposed to see the conflict of interest there!
In one of the most ignorant statements ever uttered on the topic, U.S. Rep. Marsha Blackburn (R—TN) said, “too much notification undercuts the value of useful notification.” She made the statement knowing full well that study after study shows that consumers vote with their feet when their personally identifiable information is leaked.
It isn’t just consumers that will be hurt if the proposal becomes law. Credit card issuers are also likely to feel the pain. Just look at the recent data breach at Target! The company is facing millions of dollars in law suits from banks because of the replacement costs for compromised credit and debit cards. The current proposal appears to make recovery of these costs much more difficult because there may be no proof that a data breach has occurred.
ACCESS is advising consumers to call their legislators and let them know that they need to put a stop to this bill.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|