Legislation In the Works To Require Companies To Report Privacy Breaches

An anonymous reader writes with news that a bill is being drafted by Rep. Mary Bono Mack (R-Cal) that would make it mandatory for companies to notify the government within 48 hours of discovering a data breach. "Mack's discussion draft promises to 'protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.' According to a background staff memo, the Secure and Fortify Electronic Data [SAFE Data] Act, is based on a bill that passed the House in the last Congress. ... Mack spokesman Ken Johnson said there could be a few tweaks before it is formally introduced. 'But it’s safe to say that we are going to have an aggressive timetable in place for moving the bill through subcommittee and full committee,' Johnson said. 'Consumers want something done soon.'"

Notify Customers

[KPU]

How about instead of notifying the government, they have to notify their customers, like California requires? Maybe require signup forms to list past breaches?

sure

[waddgodd]

Because it's worked so well the last half-dozen times it was legislated. So well, in fact, that they have to pass another law stating essentially exactly what the previous ones did. How about next time they want to legislate this, they actually pay the enforcement agency, wait a few months for the enforcement agency to do their jobs, then take a flying leap?