It appears that yet another National Data Breach Notification Act is being considered by the US Senate. As with past legislation on the topic, there continue to be positive efforts being made to unify the standards of data breach notification protocols in the US. To date, no legislation has passed final approval.
Senator Pat Toomey and four other Republicans have introduced Senate Bill 3333, The Data Security and Breach Notification Act of 2012. The act would require entities that retain personal information to disclose a breach as quickly as possible including information on the data the information was accessed, the type of information stolen and how to receive more information.
This particular Act would require notification for information including Social Security numbers, driver's license numbers, financial account numbers, credit or debit card numbers and related security codes. Failure to follow the notification standard could result in fines up to $500,000.
We will keep you apprised if this, or other data breach notification legislation, is passed.