January 12, 2010

Federal bill to protect personal information

In December, the federal Data Accountability and Trust Act passed the House of Representatives and has been sent to the Senate. Although similar bills have been presented to Congress in the past, none have ever come to a vote.

The Act revolves around the security of consumers' personal information and establishes the FTC as the enforcing agency. The FTC will require specific data security procedures, and any data breach that exposes individuals' personal information will need to be reported to the affected individuals and the FTC within a specified time period. It also requires organizations to offer free credit monitoring for two years.

This is a big step in the right direction; however, there are two issues I'd like to note. First, this Act only applies to organizations that fall under the jurisdiction of the FTC. Insurance companies, banks, educational institutions and the government are not subject to the FTC regulations. Some say it lacks teeth because of this.

And second, because it’s a federal bill, it would supersede state data security regulations, many of which are much stricter than this. It would, in effect, render the state regulations useless. However, the other side of the coin is that it would provide some data security protection to residents of states that have no regulation or improve the situation for those that have insubstantial regulations.

We'll monitor where this goes but for now, you can get more information here: http://www.opencongress.org/bill/111-h2221/show
