The Senate Judiciary Committee today approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 14-5. The bill now is headed to the full Senate for consideration.  The Data Breach Notification Act (S. 139) was also reported to the full Senate on a vote of 14-2.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data and for protecting data while it is in transit and at rest.

The bill would introduce a federal breach notification standard under which companies would be required to notify not just affected individuals of a data breach, but also in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures.

The law provides for penalties against executives of companies that willfully conceal a data breach.

If approved, the law would likely preempt similar data protection laws that have been passed already in 46 states.

The sweeping effect of Federal preemption may be music to the ears of some but would undermine the efforts of many state legislators and regulators.  Countless hours have been expended to iron out subtleties in local regulations in order to get the best mix of protection and business compliance.  Federal preemption, while admirable in theory, will leave behind many well-thought-out adjustments by the state regulators.

What do you think?

Popularity: 28% [?]

Related posts:

1. Judiciary Committee Urges Repeal of Maine Children’s Privacy Law The Joint Standing Committee on the Judiciary in the Maine Legislature will...
2. Senate panel approves two Obama nominees for FTC A Senate panel on Thursday approved President Barack Obama’s picks to fill...
3. ChoicePoint Failed to Protect Consumers’ Personal Data In a settlement with ChoicePoint, the FTC ordered additional security requirements and...
4. Interior loses CD with personal data for 7,500 federal employees A compact disc that contains personally identifiable information for about 7,500 federal...
5. eBay privacy rules approved by Luxembourg under Binding Corporate Rules Luxembourg’s National Data Protection Commission (CNPD) has formally approved eBay’s binding corporate...
6. EU issues update to standard contractual clauses for the transfer of personal data The European Commission has adopted today a Decision updating the standard contractual...