Data Security Breach Notification Bill Likely to Pass

With four separate national data security breach notification bills being drafted in Washington, the Direct Marketing Association says the odds are “much higher” that one of them will pass by the end of the year.

But for now, DMA senior vice president of government affairs Jerry Cerasale says the association is concerned about the verbiage in the bills being drawn up in the Senate Judiciary Committee, the Senate Commerce Committee, the House Financial Services Committee, and the House Energy and Commerce Committee, as well as what should be considered “sensitive data.”

Cerasale discussed this topic during a March 2 briefing with the DMA’s List and Database Council. He said the DMA is working with each committee to define several steps, including what would trigger the need to notify consumers of a breach, what combination of leaked information would constitute a breach, and whether consumers should have the right to access and correct their own breached information.

Three of the four bills state that sensitive data include such basic information as name, address, and e-mail address when coupled with one of the following types of data: social security number, driver’s license number, or any financial account number. The fourth bill, by the Senate Judiciary Committee, includes mother’s maiden name, exact date of birth, and miscellaneous government-issued documents, such as a hunting license, as types of data that could be considered sensitive.

Regarding what should trigger the need to notify consumers that their security has been breached, all four bills would make it mandatory if there is a “significant risk.” But none of the bills have defined that term. Though the House Energy and Commerce Committee is considering a terminology change from “significant” to “reasonable,” it has not defined the difference.

“‘Reasonable’ is a lighter trigger, and it is still something we are looking into,” Cerasale said. “The next step is to ask the committees what these terms mean, and when that means we would have to notify these consumers.”

Also at issue: the definition of an information broker, which is part of the Senate Judiciary Committee, Senate Commerce Committee, and House Energy and Commerce Committee bills. They define an information broker as “a person who rents, sells, exchanges, etc. personal information to a third party on noncustomers,” Cerasale said, adding that the term “broker” is important in these bills only because of access rights by consumers. For example, the House Energy and Commerce Committee bill would allow consumers who have been victimized the right to access and correct any breached data.

Access and correction rights are something the DMA wants removed from the bill, Cerasale said. For one thing, it would be expensive for list brokers and compilers to set up procedures enabling consumers to access and correct data. For another, the same hackers who caused the breach could also change the data. What’s more, information management solution providers such as Experian and Acxiom have been explaining their current antifraud procedures to Congress with hopes those measures will be included in the bills.

“We will have a major fight [with the House Energy and Commerce Committee] on the access and correction rights,” Cerasale predicted.
