A national standard would require organizations to take a proactive approach to securing data, and to face criminal action if they willfully withhold information about a breach.

Insurance Networking News, September 26, 2011
A bill that includes several cyber security proposals put forward this year by the Obama administration was approved by a Senate committee today. The Personal Data Privacy and Security Act of 2011, S. 1151, introduced by Sen. Patrick Leahy, D-Vt., would establish a national standard for data breach notification.
The bill could have far-reaching effects for insurers and stakeholders alike. It calls for a proactive approach to data management, requiring organizations that collect and store consumers’ sensitive personal information to establish and implement specific data privacy and security programs to obviate the occurrence of breaches.
Sen. Leahy said in a statement that the penalties for individuals or organizations willfully hiding breaches when they occur will be harsh, and will be met with criminal action.
The Senate move today represents the fourth time in the past four congressional sessions that the committee has approved such legislation.
The committee also approved the Personal Data Protection and Breach Accountability Act of 2011, S. 1535, a bill introduced by Sen. Richard Blumenthal, D-Conn. According to Sen. Blumenthal, this particular bill would create a process to help organizations establish appropriate minimum security standards to safeguard sensitive consumer information, and require companies to notify individuals promptly after a data breach has occurred, among other things.
Finally, the Data Breach Notification Act of 2011, S. 1408, which was sponsored by Sen. Dianne Feinstein, D-Calif., passed committee today. If promulgated, the bill would require federal agencies and those engaged in interstate commerce to disclose the breach of sensitive personally identifiable information.