FTC Testifies at Senate Commerce Committee Discussing Proposed Data Security Legislation: On September 22, 2010, the Consumer Protection, Product Safety, and Insurance Subcommittee of the Senate Committee on Commerce, Science, and Transportation held a hearing to discuss the pending Data Security and Breach Notification Act of 2010 (the “Act”). The bill is one of a host of newly proposed legislation designed to address data security and privacy practices. Similar to the Data Accountability and Trust Act passed by the House of Representatives in December of 2009, the Senate Act brings Congress closer to passage of comprehensive data breach and privacy reform. The Act addresses three main data security and privacy issues: (1) requiring entities that have individual’s personal information to adopt data security protection measures, including secure means for disposal of electronic and non-electronic data; (2) requiring entities to notify their customers and the Federal Trade Commission, (“FTC”) of data security breaches; and (3) requiring information brokers to put into practice procedures to guarantee data accuracy, enable consumers to access their data, and permit customers to dispute inaccurate personal information. The FTC expressed general support for the Act, but recommended that the Senate expand its reach to cover security breaches that involve both paper and electronic records and to extend the requirements of the Act to telecommunications carriers, by providing the FTC with the authority to regulate those entities, regardless of the common carrier exemption. Other industry advocates attending the hearing expressed concern that the requirements could effectively over-notify customers about security breaches that do not expose consumers to a risk of identity theft or fraud.