Meena Harris writes:
Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers. Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice. The following bills have been introduced over the last year: Data Security and Breach Notification Act, Toomey (R-PA); Personal Data Privacy and Security Act, Leahy (D-VT); Data Security Act, Carper (D-DE) and Blunt (R-MO); Data Security and Breach Notification Act, Rockefeller (D-WV); and Personal Data Protection and Breach Accountability Act, Blumenthal (D-CT).
This post provides a side-by-side comparison of these five data-breach bills, which would impose varying standards and penalties. The comparison focuses on the breach-notification requirements of each bill; it does not discuss the standards that some bills would establish for internal security protocols to safeguard stored data.
Read more on Covington & Burling InsidePrivacy.

Notice that they all set a pretty high threshold/trigger for notification, and only Senator Blumenthal’s bill has a private right of action.