SAN FRANCISCO -- It's Round 2 in Congress' bid
to craft federal law that would require businesses to notify U.S.
consumers about computer data-security breaches.
Legislation introduced in February soon could
become law, given the cooperative tone of federal lawmakers, says Ari
Schwartz, a privacy advocate and deputy director of the Center for
Democracy & Technology. That would be a reversal from the previous
few years, when members of the House and Senate could not agree on a
national data-breach law, and dozens of states passed their own laws.
But the feds waited too long to act, and their
actions now are unnecessary, say state legislators and privacy
advocates. "With so many conflicting agendas from the financial
industry, data brokers and security companies, there is the danger any
bill could be watered down," says Evan Hendricks, editor of Privacy Times newsletter.
The fear is that a federal law would pre-empt
stronger state laws. "A national standard that provides less protection
than currently afforded is really a step backward, not a step forward,"
says state Sen. Joe Simitian, D-Calif., author of the first law in the
USA that required companies to publicly disclose data breaches.
More than 100 million records containing
personal information have been subject to some sort of security breach
since February 2005, starting with data broker ChoicePoint, according
to the non-profit Privacy Rights Clearinghouse.
There are at least four bills in Congress this
year to address data-breach notification that would pre-empt 35 state
laws on the books.
9:44:27 PM 
|
