Last week ISPLA reported on a hearing held by Representative Mary Bono Mack
[R-CA-45], Chair of the House Energy and Commerce Subcommittee on Commerce,
Manufacturing, and Trade, regarding the data intrusions at Epsilon and Sony,
and on the fact that she would also be holding a hearing this week. Since
then, additional significant security breaches by hackers at the
International Monetary Fund (IMF) and Citigroup have been widely reported.
Representative Mary Bono Mack has now released a discussion draft of a bill
designed to better protect consumers' online information. The 31-page bill
called the "Secure and Fortify Electronic Data Act" or "SAFE Data Act"
intends to "protect consumers by requiring reasonable security policies and
procedures to protect data containing personal information and to provide
for a nationwide notice in the event of a security breach."
"With nearly 1.5 billion credit cards now in use in the United States - and
more and more Americans banking and shopping online - sophisticated hackers
and cyber thieves have a treasure chest of opportunities to 'get rich
quick'. The SAFE Data Act will provide American consumers with better
safeguards in the future," Congresswoman Bono Mack said in releasing the
discussion draft of her legislation. Calling a recent dramatic increase in
cyber attacks "a threat to the future of electronic commerce,"
Representative Bono Mack's SAFE Data Act establishes uniform national
standards for data security and data breach notification.
On Wednesday, June 15, her subcommittee will hear testimony on the draft
from the following witnesses:
Honorable Edith Ramirez, Commissioner, Federal Trade Commission
Jason Goldman, Telecommunications and e-Commerce Counsel, U.S. Chamber of
Robert Holleyman, President and CEO, Business Software Alliance
Stuart Pratt, President and CEO, Consumer Data Industry Association
Marc Rotenberg, Executive Director, Electronic Privacy Information Center
Congresswoman Bono Mack's efforts build on legislation passed by the House
in 2009, but not acted upon in the Senate. Most importantly, it reflects
the changing landscape of data breaches and data security since that time.
It also encompasses many of the lessons learned in the aftermath of massive
data breaches at Sony, Epsilon and Citigroup, which put more than 100
million consumer accounts at risk.
"You shouldn't have to cross your fingers and whisper a prayer when you type
in a credit card number on your computer and hit 'enter.' E-commerce is a
vital and growing part of our economy. We should take steps to embrace and
protect it - and that starts with robust cyber security," Bono Mack
continued. "Most importantly, consumers have a right to know when their
personal information has been compromised, and companies and other
organizations have an overriding responsibility to promptly alert them."
The Federal Trade Commission (FTC) estimates that nearly 9 million Americans
fall victim to identity theft every year, costing consumers and businesses
billions of dollars annually - and those numbers are growing steadily and
alarmingly. Just as troubling, Congresswoman Bono Mack says the frequency
and scope of these breaches is "causing incalculable damage to consumer
confidence when it comes to shopping and banking online."
The bill would require companies to dispose of old or unnecessary data. A
key feature of the SAFE Data Act requires notification to both the FTC and
consumers within 48 hours of the time that a breach has been secured and
the scope of the breach assessed. The FTC would also be given the authority to
levy civil penalties if companies or entities fail to respond in a timely
and responsible manner. Non-profit organizations such as universities and
charities would be required to comply with the legislation.
The SAFE Data Act also grants the FTC the ability to expand the definition
of "personally identifiable information" so long as this new data poses a
reasonable risk of identity theft or would otherwise "result in unlawful
conduct." Presently, this bill does not contain special provisions targeted
specifically towards investigators. However, it is a security breach bill
that all businesses should carefully study. Violations and liability are
draconian. They are even adjusted for increases under the Consumer Price
Index. ISPLA will be watching this piece of proposed legislation and
hearing testimony on its implementation.
The following is a link to the discussion draft:
Bruce Hulme, ISPLA Director of Government Affairs
To join and support the good work of ISPLA please visit
Your Proactive Voice from State Capitols to the Nation's Capitol