USA: Data Security and Breach Notification Act 2015
Published 15 April 2015
On 15 April 2015 the House Energy & Commerce Committee approved the Data Security and Breach Notification Act of 2015 (the Bill). The Bill would require companies to adhere to unified nationwide standards on consumer data protection and to mandated procedures when responding to data breaches. Current legislation is a fragmented, state-by-state regime. A significant provision introduced by the Bill is a nationwide rule requiring that notification of a data breach be made within 30 days.
If the Bill is enacted, companies will have to amend their current data security policies to comply with the new nationwide rules, and will also face the prospect of having to coordinate with a wider range of federal agencies, including the FTC, FBI, and Secret Service, in the event of a data breach. However, the Bill does offer a less complicated system of compliance for companies that operate across a number of states.
What action could be taken to manage risks that may arise from this development?
Companies should keep track of the Bill's progress, as a review of data breach policies and procedures will be required if it is enacted.