What You Need to Know about the Data Security Act of 2015

By Susanne Dwyer

Businesses are at the mercy of hackers, sniffers, and other criminals who are after their data. Many states have their own regulatory requirements; the resulting lack of uniformity creates issues for those who do business across the United States. So what is next? Will we see uniformity in regulatory compliance for businesses across the country? H.R. 2205 attempts to create uniform business compliance requirements that would supersede the state regulations and protect consumer information.

H.R. 2205, or Data Security Act of 2015

Introduced on May 1st, 2015, the Data Security Bill of 2015 is a national consumer breach notification law. Today, 47 states, together with the District of Columbia, Guam, Puerto Rico and the Virgin Islands, have individual regulations specifying when and how organizations should notify consumers in the event of an electronic data breach. The state regulations vary greatly in the procedures organizations need to follow, as well as in the consequences for non-compliance.

The goal of the new law is to supersede the existing state regulations by creating a single system coordinating the notification process. It establishes rules for handling consumer financial and sensitive personal data. The Federal Trade Commission will have the authority to enforce the law.

The bill must be passed by the House and the Senate, and then signed by the President, to become law.

Organizations Affected

The law will apply to any individual or organization which handles personal information of consumers, including retail, real estate, transportation, and other organizations.

Timing of the Bill

According to Consumer Reports, the personal data of over 70 million Americans was compromised in 2014. Until now, the financial industry has carried the biggest burden of notifying consumers of security breaches. Laws such as the Gramm-Leach-Bliley Act (GLBA) of 2005 require financial organizations to establish reasonable procedures for preventing breaches, as well as for informing consumers of compromised data.

According to a statement recently issued by the American Bankers Association in support of the Data Security Bill, the association wants a “shared responsibility” with other industries for security breaches.

Bill’s Controversy

Organizations in many industries have raised concerns about the bill. The National Association of Realtors® is concerned about the burden of the data protection standards and the expansion of the FTC’s authority. The Retail Industry Leaders Association claims that it will burden retailers (especially smaller businesses) by requiring them to conduct criminal background checks on employees involved in handling consumer data.

Although there is some merit to all the concerns, protecting consumers from fraud, and minimizing the consequences of stolen data, should be more important than the inconvenience of the new proposed measures.

In addition, GLBA affects all financial organizations, including very small firms, and most have found reasonable ways to comply with the law. There are many products on the market which limit security breaches while being inexpensive to deploy.

How to Comply with Data Security Act of 2015

Once the bill becomes law, organizations will have to create a “comprehensive information security program.” Some of the steps involved include …

From:: Finance and Economy
