Tuesday, November 22, 2005

Personal Data and Security Act Moves Forward

I read some great news this morning about the Personal Data and Security Act, modeled after a California law (SB1386). SB1386 is now considered a trend setter in requiring companies to notify people when their personal information has been stolen. It now appears that the Personal Data and Security Act (S1789) is gaining ground in the Senate.

This law will provide the same protection nationally, that SB1386 has provided for California.

In an earlier post, Congress Tries to Silence Identity Theft Initiatives, it appeared that Congress was trying to replace S 1789 with what I consider a far weaker version, HR 4127.

Here is the article, I read written by Grant Gross of the IDG News Service and later published in PCWorld and Yahoo News:

"WASHINGTON-- The Senate Judiciary Committee has approved a bill that would require companies with data breaches to notify affected customers, and would set up rules for the U.S. government's use of private databases.

The Personal Data Privacy and Security Act, sponsored by committee Chairman Arlen Specter, a Pennsylvania Republican, and Senator Patrick Leahy, a Vermont Democrat, would also require data brokers to allow U.S. residents to correct their personal data, and it would require businesses holding the personal data of more than 10,000 U.S. residents to conduct risk assessments and implement data-protection policies.

Businesses that do not implement security plans could be fined up to $35,000 a day if found in violation of the requirement."

The entire article can be viewed by going to the link below:

http://news.yahoo.com/s/pcworld/20051121/tc_pcworld/123624

I would also like to add (because they weren't mentioned in this article) that senators, Dianne Feinstein (D-California) and Russ Feingold (D-Wisconsin) have also actively pushed for S1789.

In the past year, massive amounts of personal and financial data have been stolen (often with little technical expertise). These acts have exposed millions of people to the possibility of having their identities stolen. Big businesses, who have made considerable profits buying and selling our personal information need to ensure that they are diligent in protecting people's personal information. Should they fail to do so, they also need to at least let the people (who will potentially be victimized) know they are at risk.

We deserve and should accept, no less!

No comments: