Draft bill would force firms to report data breaches

Posted by Emma Woollacott

Republican congresswoman Mary Bono Mack is calling for legislation forcing companies to tell the government when they've fallen victim to a data breach.

The move comes just days after Citibank admitted that it had taken weeks to warn customers that its systems had been hacked.

Bono Mack, chairman of the House Subcommittee on Commerce, Manufacturing and Trade, has released a discussion draft of the Secure and Fortify Data Act (SAFE Data Act), which establishes uniform national standards for data security and data breach notification. The Subcommittee is due to hear her proposals tomorrow.

"With nearly 1.5 billion credit cards now in use in the United States – and more and more Americans banking and shopping online – sophisticated hackers and cyber thieves have a treasure chest of opportunities to 'get rich quick'," she says. "The SAFE Data Act will provide American consumers with better safeguards in the future."

The draft would require companies to notify the FTC and consumers within 48 hours of a breach being secured and its scope  assessed. 

The FTC would be able to levy civil penalties if companies failed to comply.

And the draft also grants the FTC the ability to expand the definition of 'personally identifiable information' to include any case where the data stolen posed a reasonable risk of identity theft or would otherwise result in unlawful conduct.

Following several recent hearings examining this growing problem, Congresswoman Bono Mack says it’s time for Congress to take action.

"You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit 'enter'," she says.

"Most importantly, consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them."

The discussion draft is here.