Legislation In the Works To Require Companies To Report Privacy Breaches

An anonymous reader writes with news that a bill is being drafted by Rep. Mary Bono Mack (R-Cal) that would make it mandatory for companies to notify the government within 48 hours of discovering a data breach. "Mack's discussion draft promises to 'protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.' According to a background staff memo, the Secure and Fortify Electronic Data [SAFE Data] Act, is based on a bill that passed the House in the last Congress. ... Mack spokesman Ken Johnson said there could be a few tweaks before it is formally introduced. 'But it’s safe to say that we are going to have an aggressive timetable in place for moving the bill through subcommittee and full committee,' Johnson said. 'Consumers want something done soon.'"

S.A.F.E. DATA ?

[2phar]

How about a law to require proper titles for acts instead of these stupid acronyms.

Make it a legal liability

[izomiac]

IMHO, the best way to ensure better privacy practices and data security is to make it a legal liability to lose data. Just fine the company that lost the data a fixed amount (IMHO: $50) per piece of information lost. If someone loses your name, e-mail address, phone number, mailing address, and billing address, that'd be $250 per customer record lost, and maybe triple the fine if customers suffer consequences (e.g. like in the Sony hack). Such a system makes people collect as little information as possible, and the fines give the government incentive to enforce it. Non-commercials are arguably hit disproportionately hard, but I'm personally fine with not giving my e-mail address out to every website I want to use.