Since the Anthem breach, more and more legislative bodies have begun to take a closer look at the issues of data breach notification and data security in general, as several recent stories illustrate.
“House Focuses on Data Breach Bills” from the National Law Review states:
The issues of data breach notification and data security issued received a fair amount of attention in the House this week: On Wednesday, the House Energy and Commerce Subcommittee on Trade approved one data breach bill, and on Thursday, Rep. Jim Langevin (D-RI), co-chairman of the House Cybersecurity Caucus, announced the release of another.
The bill approved on Wednesday — the Data Security and Breach Notification Act — is sponsored by Reps. Michael Burgess (R-TX), Marsha Blackburn (R-TN), and Peter Welsh (D-VT). It would require companies to maintain reasonable security practices and inform customers within 30 days if their data might have been stolen during a breach. It would also empower the Federal Trade Commission (“FTC”) to enforce the bill’s rules.
In another story from the Albuquerque Journal, the New Mexico State “Senate Panel Blocks New Mexico's Data Breach Bill.” The bill “would have required retailers to notify customers when they were at significant risk of identity theft or fraud due to computer data breaches died in the final days of the Legislature’s annual session.” According to the sponsor of the bill, “The comments appeared to be it was too industry-friendly for the attorneys on the committee.”