
ISPLA Update: Secure and Fortify Electronic Data Act (SAFE Data Act) - Hearings to be held

  • Peter Psarouthakis
    Message 1 of 1 , Jun 14, 2011
      Last week ISPLA reported on a hearing held by Representative Mary Bono Mack
      [R-CA-45], Chair of the House Energy and Commerce Subcommittee on Commerce,
      Manufacturing, and Trade regarding the data intrusions of Epsilon and Sony,
      and the fact that she would also be holding a hearing this week. Since
      then, additional significant security breaches by hackers of the
      International Monetary Fund (IMF) and Citigroup have been widely reported.

      Representative Mary Bono Mack has now released a discussion draft of a bill
      designed to better protect consumers' online information. The 31-page bill
      called the "Secure and Fortify Electronic Data Act" or "SAFE Data Act"
      intends to "protect consumers by requiring reasonable security policies and
      procedures to protect data containing personal information and to provide
      for a nationwide notice in the event of a security breach."

      "With nearly 1.5 billion credit cards now in use in the United States - and
      more and more Americans banking and shopping online - sophisticated hackers
      and cyber thieves have a treasure chest of opportunities to 'get rich
      quick'. The SAFE Data Act will provide American consumers with better
      safeguards in the future," Congresswoman Bono Mack said in releasing the
      discussion draft of her legislation. Calling a recent dramatic increase in
      cyber attacks "a threat to the future of electronic commerce,"
      Representative Bono Mack's SAFE Data Act establishes uniform national
      standards for data security and data breach notification.

      On Wednesday, June 15, her subcommittee will hear testimony on the draft
      from the following witnesses:

      Honorable Edith Ramirez, Commissioner, Federal Trade Commission

      Jason Goldman, Telecommunications and e-Commerce Counsel, U.S. Chamber of
      Commerce

      Robert Holleyman, President and CEO, Business Software Alliance

      Stuart Pratt, President and CEO, Consumer Data Industry Association

      Marc Rotenberg, Executive Director, Electronic Privacy Information Center

      Congresswoman Bono Mack's efforts build on legislation passed by the House
      in 2009, but not acted upon in the Senate. Most importantly, it reflects
      the changing landscape of data breaches and data security since that time.
      It also encompasses many of the lessons learned in the aftermath of massive
      data breaches at Sony, Epsilon and Citigroup, which put more than 100
      million consumer accounts at risk.

      "You shouldn't have to cross your fingers and whisper a prayer when you type
      in a credit card number on your computer and hit 'enter.' E-commerce is a
      vital and growing part of our economy. We should take steps to embrace and
      protect it - and that starts with robust cyber security," Bono Mack
      continued. "Most importantly, consumers have a right to know when their
      personal information has been compromised, and companies and other
      organizations have an overriding responsibility to promptly alert them."

      The Federal Trade Commission (FTC) estimates that nearly 9 million Americans
      fall victim to identity theft every year, costing consumers and businesses
      billions of dollars annually - and those numbers are growing steadily and
      alarmingly. Just as troubling, Congresswoman Bono Mack says the frequency
      and scope of these breaches is "causing incalculable damage to consumer
      confidence when it comes to shopping and banking online."

      The bill would require companies to dispose of old or unnecessary data. A
      key feature of the SAFE Data Act requires notification to both the FTC and
      consumers within 48 hours of the time that a breach has been secured and
      scope of the breach assessed. The FTC would also be given the authority to
      levy civil penalties if companies or entities fail to respond in a timely
      and responsible manner. Non-profit organizations such as universities and
      charities would be required to comply with the legislation.

      The SAFE Data Act also grants the FTC the ability to expand the definition
      of "personally identifiable information" so long as this new data poses a
      reasonable risk of identity theft or would otherwise "result in unlawful
      conduct." Presently, this bill does not contain special provisions targeted
      specifically towards investigators. However, it is a security breach bill
      that all businesses should carefully study. Violations and liability are
      draconian. They are even adjusted for increases under the Consumer Price
      Index. ISPLA will be watching this piece of proposed legislation and
      hearing testimony on its implementation.

      The following is a link to the discussion draft:

      http://bono.house.gov/UploadedFiles/Data_Breach_Draft.pdf

      Bruce Hulme, ISPLA Director of Government Affairs

      To join and support the good work of ISPLA please visit
      http://www.ispla.org/

      Your Proactive Voice from State Capitols to the Nation's Capitol


