The recent string of wide-scale data breach disclosures by major retailers has led to a growing call for federal legislation to protect consumer information and establish uniform data breach notification requirements.
Existing federal laws governing data breach notification are limited to specific sectors such as financial institutions (e.g., the Gramm-Leach Bliley Act (“GLBA”)) and healthcare (e.g., Health Insurance Portability and Accountability Act (“HIPAA”)). Almost all states have enacted and enforced laws on data breach notification, but those laws vary in terms of applicability and the requirements for notice recipients, deadlines and content. The current state-based framework has therefore made compliance difficult for companies with national operations.
Please see full publication below for more information.