The Data Accountability and Trust Act

An anonymous reader writes "The U.S. House of Representatives will soon be considering the Data Accountability and Trust Act (DATA). If passed it would require all companies to inform customers of security breaches that affect their personal data. The bill requires consumers to be told if their privacy has been violated because of a breach. Under the proposals, if a breach does occur, a company must notify any customers concerned and the FTC, which can then demand an audit."

Unconstitutional and Unnecessary

[dada21]

The US Congress has no mandate in the Constitution offering them any power over consumer privacy or information. The Interstate Commerce Clause was written to give the Federal government power to regulate the states to prevent them from taxing, tariffing or embarging interstate commerce: it was not meant to regulate commerce in any other way.

This is an unnecessary law. If you make a contract to trade with a party, put in the agreement that you want your information to be private and you want them to notify you of any breach of that agreement. If the company won't do business with you, don't buy from them -- if you want a cheap price, you might be willing to forgo this contract feature.

All my customers have in my contract agreement a stipulation that we both will notify the other in the event of identity or security breach. I don't buy anything from anyone without making sure I am protected -- and basic tort and contract law protects me in this case.

Of course this law has nothing to do with protecting consumers but with increasing Congress' control over individuals and businesses and offering a new layer of deterrence for the average person to go into business. We could replace much of the FTC with more realistic tort regulations rather than creating new laws where none are needed.

In my answer, the lawyers would win in the short run but standard contract agreements would put them on the bankburner. In Congress' solution, the lawyers win all around.