When will we ever have a National Data Bill? Get it right DC!
Posted by Michael Kiefer on Tue, Dec 15, 2009
Almost every state now has their own bill. Now the House and Senate have two bills which need to go to one. It is kind of like every state has their own gas fuel mixture requirements. It is costing taxpayers billions to have our government regulate, both at a state and federal level, and business to comply with all these State and Federal bills, that are different. The new House bill looks like it only pertains to FTC regulated companies. Being in DC this week, I could not help but notice the number of overhead cranes. Building out for the next 100,000 government workers to over regulate us!
____________________________________________________
US House Passes Data Accountability and Trust Act (DATA)
On December 8, 2009, the Data Accountability and Trust Act -- HR 2221 (DATA) moved one step closer to law by passing the House of Representatives. DATA is sponsored by Congressman Bobby Rush (D-IL). DATA has elements similar to Senator Leahy's S. 1490, the Personal Data Privacy and Security Act, including not only breach notice obligations, but also information security policy requirements.
Both the Leahy and Rush bills also impose increased obligations on "information brokers," defined as follows in the Rush bill:
(6) INFORMATION BROKER- The term `information broker'--
(A) means a commercial entity whose business is to collect, assemble, or maintain personal information concerning individuals who are not current or former customers of such entity in order to sell such information or provide access to such information to any nonaffiliated third party in exchange for consideration, whether such collection, assembly, or maintenance of personal information is performed by the information broker directly, or by contract or subcontract with any other entity; and
(B) does not include a commercial entity to the extent that such entity processes information collected by and received from a nonaffiliated third party concerning individuals who are current or former customers or employees of such third party to enable such third party to (1) provide benefits for its employees or (2) directly transact business with its customers.
(The Leahy bill uses the term "data broker", but has a similar definition.) Information brokers would be required to submit their security policies to the FTC in the event their breach notice obligations were triggered. Moreover, DATA imposes obligations on information brokers concerning data accuracy, data access and disputed data. Information brokers would also be required to maintain audit logs or similar measures "which facilitate the auditing or retracing of any internal or external access to, or transmissions of, any data containing personal information collected, assembled, or maintained by such information broker."