Data Breaches: Industry Calls for Single, Federal Breach Notification Standard

Akin Gump Strauss Hauer & Feld LLP

Yesterday, a coalition of 44 service and retail industry trade associations sent a letter to congressional leadership, urging the House and Senate to adopt a single data breach notification standard at the federal level.  The letter, addressed to the Majority and Minority Leaders of each chamber, states that “a single, federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.”

The coalition letter states that any legislation to address data security and data breaches should cover all types of entities that handle sensitive data, and should not provide exemptions for certain business sectors.  The letter cites several recent examples of breaches across different sectors, including the JP Morgan and Apple iCloud breaches, as well as one involving a Department of Homeland Security contractor.

Further, in an attempt to recognize companies who suffer data breaches as victims, the letter references several times the theft of financial payment information, noting that “the failure of the payment cards themselves to be secured by anything more sophisticated than an easily-forged signature makes the card numbers particularly attractive to criminals and the cards themselves vulnerable to fraudulent misuse.  Better security at the source of the problem is needed.”  President Obama recently announced a new initiative aimed at making financial transactions more secure through “chip and pin” technology.

While the letter does call for national regulation of data breach notification, it does include the caveat that “Congress should act to standardize reasonable, timely notification of sensitive data breaches.”  Nonetheless, many sectors would now welcome a federal breach notification standard as a less costly alternative to complying with the patchwork of different state laws currently in place.

Congress is unlikely to act on data security and breach notification during the lame duck session; however, given House Republicans’ interest in this issue in past months; we could see a resurgence of data security legislation in the Republican-controlled 114th Congress.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.