The financial industry is backing the latest bill introduced in the House of Representatives addressing data breach notification requirements. If passed, the bill would subject retailers to the same requirements as financial institutions, plus it would set nationwide data security standards.
Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) introduced the bill as companion legislation to a Senate bill introduced in April that is modeled on federal financial data security requirements, The Hill reported.
Financial trade groups have announced their support of the legislation, but Congress is split over “how strongly a federal bill should preempt state laws.” Some lawmakers worry that a weak federal standard would compromise existing consumer protections, while others fear giving federal regulators too much power. Previous bills have failed to get traction; time will tell whether these latest attempts fare any better.
The Hill also reports that this is only one of a number of proposed bills on data breach notification at the federal level. It appears that it could be some time before there is clear action on this issue. Get more details about the various proposed bills in ARMA’s news item in the May Washington Policy Brief, “National Data Breach Legislation Faces High Hurdles.”
In the meantime, ARMA International recommends against waiting for federal legislation before initiating a plan for your organization. The U.S. Justice Dept. recently released a guidance document outlining best practices for companies developing a response plan or reacting to a data breach, and the International Association of Privacy Professionals has a number of resources that address data breach notification planning.
In addition, ARMA has several resources that address the connection between records and information management and privacy planning. (Search on keyword “privacy” at www.arma.org/bookstore.)
Once federal legislation is finalized, your organization can modify its plan, if necessary.