Legislation was introduced into Congress this week that would establish a national data privacy law. The bill would require businesses to disclose to consumers any breaches that result in the exposure of personal information.
The legislation is a reaction to the massive security breaches that have occurred over the last year. In the most notable breach, over 40 million credit card numbers were exposed in a security breach involving CardSystems, an online processor. LexisNexis, Bank of America and other corporate entities have also suffered breaches exposing the personal information of millions of individuals.
Under the new legislation, businesses exposing the personal information of more than 1,000 individuals would be required to notify the individuals. Failure to comply with the law would result in penalties of up to $11 million per incident. Interestingly, the legislation would bar businesses and schools from putting Social Security numbers on any form of identification.
Upon receiving notice, consumers would be allowed to put a notice on their credit reports, which would prevent any company from providing new credit under their name. This would effectively stop thieves from opening new credit accounts with the stolen information.
Will It Pass?
The new legislation has a very good chance of becoming federal law. Sponsored by two Republicans and two Democrats, the bill appears to have bipartisan support. Avoiding the vicious partisan politics on Capital Hill is half the battle for any legislation.
Corporate America also appears to be getting behind the bill. Although this might seem surprising at first, there is a good reason. States including California, Washington and Georgia have already enacted similar laws, but each requires different actions. A federal law, however, will trump all of the state laws and create a uniform requirement for businesses. From a practical standpoint, Corporate America would prefer one standard instead of many.
The new bipartisan legislation is a welcome step in the effort to fight identity theft. Many more steps, however, will be required. You should continue to closely review your credit card statements and credit reports for any unauthorized charges.
Richard Chapo is the lead attorney for the law firm http://www.SanDiegoBusinessLawFirm.com – a firm providing legal advice to California businesses. Visit http://www.sandiegobusinesslawfirm.com/business_law_articles to read more business law articles.