Congress should renew a push to enact a national data breach notice standard, lawmakers and witnesses at a hearing on massive data breaches at Equifax Inc. and Yahoo Inc. said Nov. 8.
Companies across the U.S. have to deal with a hodgepodge of state data breach notification laws with varying standards. Companies often express concern about dealing with standards in 48 states and the District of Columbia. Alabama and South Dakota are the only two states without breach laws. Breach notice bills that would preempt those laws with a single national standard have been introduced since 2003, but none have crossed the finish line.
But that may change in light of the 2017 Equifax data breach that affected at least 143 million U.S. consumers and the multiple Yahoo data breaches revealed in 2016 involving an estimated 3 billion accounts. The Commerce hearing featured leaders from the two companies as witnesses.
Equifax CEO Paulino do Rego Barros Jr., former Equifax CEO Richard Smith, and former Yahoo CEO Marissa Mayer testified about the breaches at their companies under hard questioning by committee members. Mayer appeared in response to a subpoena, a Senate Commerce spokesman told Bloomberg Law. No other subpoenas were issued for the hearing, he said.
A national data breach notification law would force companies to treat consumers the same across multiple jurisdictions and provide “consistency and certainty” that would benefit consumers and companies, Chairman John Thune (R-S.D.) said during the hearing. Congress also could include uniform reasonable security requirements for companies, he said.
Verizon Communications Corp., which acquired Yahoo as it was dealing with the massive data breach, would support such a measure, Karen Zacharia, the company’s deputy general counsel and chief privacy officer, told lawmakers.
The Senate Commerce Committee is a logical place for a national breach notice law to originate because it has dealt with the issue for years.
The Senate Commerce leadership “has been focused on data security and cybersecurity” for at least a decade because it has a unique portfolio that covers cybersecurity, data breaches, and critical infrastructure, Norma Krayem, senior policy adviser at Holland & Knight LLP in Washington and co-chair of the firm’s cybersecurity and privacy team, told Bloomberg Law.
The massive data breaches may serve as a tipping point for Congress. Although national data breach notification measures have failed in the past, the sensitive nature of the data exposed and the millions of U.S. consumers affected may drive Congress to finally pass such a bill.
The Equifax data breach will likely “push Congress over the edge” because it included highly sensitive information and impacted millions of U.S. consumers, Jeff Dennis, cybersecurity and managing partner at Newmeyer & Dillion LLP in Newport Beach, Calif., told Bloomberg Law Nov. 8.
The best method to gain support for a national breach standard would be to create a private-public working group, Zacharia said in response to committee questions.
Congress may want to look at states with more robust data breach notification laws as models for such a measure.
California and New York “provide a very good starting point” for any data breach notification legislation, Dennis said.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.