Monday, February 9, 2009

The States Step up to Fill the Gap

Lacking a Federal statute requiring businesses to report data breaches to individuals at increased risk different states have stepped in to enact their own laws. Pennsylvania State Senator Dominic Pileggi has introduced a bill that would require state agencies to provide public notice of data breaches involving personal information within one week of discovering the incident, the Daily Times reports. Similar legislation was filed in 2008 and passed the Senate, but was not considered by the state's House of Representatives. Pileggi introduced the original bill last year in response to three data breach incidents in 2007 in which nearly 400,000 files were compromised, including about 17,800 Social Security numbers. In a press release announcing the bill, Pileggi said, "The public was not notified of these thefts until two or three weeks after the fact, and that is not acceptable. Potentially affected residents deserve to be notified promptly so that they can take steps to protect themselves from identity theft."

Alongside the legislation recently enacted by Massachusetts lawmakers this indicates clearly the need for strict reporting laws to inform the public in a timely way that they are at increased risk to data fraud and identity theft. Including Puerto Rico and the District of Columbia there are currently 46 State data breach notification laws in effect.

No comments: