Report provides insight into the current regulatory framework around data breach notification and what to expect going forward
Experian Data Breach Resolution released a white paper today, “Policymakers Review Focus on Data Breach Laws,” analyzing the current legislative and regulatory landscape around data breaches.
Legislation to establish a national data security and breach standard remains undefined, sustaining uncertainty as to whether a national, preemptive law will be enacted. Despite the lack of a national standard, 47 states have enacted data breach notification laws, and the attorneys general and the Federal Trade Commission (FTC) have established a regulatory threshold through enforcement actions. Together, these comprise the law of the land, and both the attorneys general and the FTC are taking action to ensure compliance.
“You don’t want to learn the current patchwork of federal and state data breach laws while in the midst of a breach,” said Michael Bruemmer, vice president, Experian Data Breach Resolution. “Having the right group of experts, including outside privacy counsel, identified ahead of time will significantly improve a company’s ability to respond in a way that meets regulatory requirements and keeps the focus on assisting the affected population.”
In examining the current landscape, key topics addressed in the paper include:
- Continued FTC action: Since 2001, the FTC has brought more than 50 cases that accused businesses of failing to protect consumers’ personal information. In the settlements that the FTC has reached with companies in cases involving data breaches, the entities are required to implement a comprehensive information security program and undergo evaluation every two years by a certified third party. It is expected that the FTC will continue to take enforcement actions against companies that experience large breaches of consumer information.
- Federal focus on new data breach laws: While previously introduced bills have failed to garner enough support to be signed into law, new legislation is being introduced in 2014 and is pending consensus.
- Global policy trend in data breach notification: Following the European Union’s (EU) update to data breach requirements in 2013, the EU is considering expanding the 24-hour notification requirement. Australia and countries in Latin America — including Mexico, Costa Rica and Colombia — are also considering data breach notification requirements.
To access the full complimentary white paper, visit http://bit.ly/Experian2014LegislativeOutlook.
Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach.
Read the Experian Data Breach Resolution blog at http://www.experian.com/dbblog.