Federal Data Breach Bill (H.R. 2221) Passes House

H.R. 2221 defines personal information as, “an individual’s first name or initial and last name, or address, or phone number, in combination with any 1 or more of the following data elements for that individual:

  • (i) Social Security number
  • (ii) Driver’s license number or other State identification number
  • (iii) Financial account number, or credit or debit card number, and any required security code, access code, or password that is necessary to permit access to an individual’s financial account.”

Some more details include:

  • The Federal Trade Commission would be the responsible agency.
  • The FTC would ultimately define the proper technical procedures for protecting data.
  • Organizations that have data need to establish a data security policy.
  • Organizations must identify an information security officer.
  • Organizations must have a process for identifying vulnerabilities, and monitoring for breaches.
  • Organizations need a process for securely destroying data that is no longer required.
  • Breaches need to be reported to the consumers affected, and the FTC, unless:
    • “there is no reasonable risk of identity theft, fraud, or other unlawful conduct.”, which will be defined by the FTC should the bill pass.
    • The organization experiencing the breach does not fall under the jurisdiction of the FTC.

Finally a federal law is coming for the definition of a breach and baseline for governance.

OpenCongress link

Posted via web from Technical Adversary

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s