U.S. Senators are again looking at crafting a law that creates a national standard for reporting data breaches. Referred to as the Data Security and Breach Notification Act of 2012 (S.3333), the draft bill would require businesses and government agencies to “take reasonable measures to protect and secure data in electronic form containing personal information.” The Federal Trade Commission would enforce the legislation, and fines for violating the law could reach up to $500,000 per incident.
There are currently 40 different state laws in place. This bill would override any existing state data breach legislation. Implementing a single law could simplify compliance and make for a more consistent notification process in the event of a breach.