Senator Richard Blumenthal, a Democrat from Connecticut, introduced the Personal Data Protection and Breach Accountability Act of 2011 on Thursday.  The aim of the bill is to protect personal information from online security breaches, as well as punish companies that act carelessly with customers’ information.

“The goal of the proposed law is essentially to hold accountable the companies and entities that store personal information and personal data and to deter data breaches,” Senator Blumenthal told the New York Times in “Senator Introduces Online Security Bill.” “While looking at past data breaches, I’ve been struck with how many are preventable.”

The Act regulates how companies store online data. Companies that hold data on more than 10,000 people would be required to follow specific storage guidelines designed to keep personal information secure. Companies that violate these guidelines could be subject to stiff fines.

Senator Blumenthal reported to the New York Times that, if the new bill passes, customers would be able to sue companies, like Sony, which do not take adequate precautions. (Remember, the Sony breach put 77 million customers’ private information in jeopardy.) Senator Blumenthal called the Sony data breach “a poster child” for the law, although the legislature had been working on the law prior to the breach. It will be interesting to see how this unfolds.

What type of online security do you have in place to protect customers’ and/or employees’ information? Does your industry need the federal government to dictate the types of guidelines necessary to protect personal information, or will the market simply punish those entities that do not secure our personal information? What are your thoughts?