Data Breach Notification Bill Passes in US House

On Tuesday a national data breach notification bill was passed in the U.S. House of Representatives.  The Data Accountability and Trust Act (DATA), requires businesses to notify both customers and the Federal Trade Commission if sensitive information has been exposed to a security breach.

The law states that:

“Any person engaged in interstate commerce that owns or possesses data in electronic form containing personal information shall, following the discovery of a breach of security of the system maintained by such person that contains such data - notify each individual who is a citizen or resident of the United States whose personal information was acquired by an unauthorized person as a result of such a breach of security; and notify the Federal Trade Commission.”

The bill was introduced April 30 by Rep. Bobby Rush D-Ill., chairman of the House Subcommittee on Commerce, Trade and Consumer Protection. Next, it will go to the Senate for a vote. 

“For the past five years, the Privacy Rights Clearinghouse contends that nearly 340 million records containing sensitive personal information have been involved in security breaches,” Rush said Tuesday on the House floor. “However, there is no comprehensive federal law that requires all companies that hold consumers’ personal information to implement reasonable measures to protect that data. Also, there is no federal law that requires companies that experience a data breach to provide notice to those consumers whose personal information was compromised.”