Yesterday the Senate Judiciary Committee passed two bills that would require business and government agencies to adopt data security measures and provide notices of breaches.
Those bills include:
· The Personal Data Privacy and Security Act of 2009 (S. 1490), which would increase criminal penalties for identity theft involving electronic personal data and would make it a crime to intentionally or willfully conceal a security breach involving personal data. It also would impose requirements on commercial data brokers, require entities that maintain personal data to notify individuals and law enforcement in the event of a breach, and require development of rules protecting privacy and security when the government uses information from commercial data brokers.
· The Data Breach Notification Act (S .139), which would impose customer notification requirements on agencies or business entities that suffer a security breach involving personal information.
An article about this development is available at: http://www.computerworld.com/s/article/9140408/Federal_data_protection_law_inches_forward