Despite a number of recent high profile data breaches, efforts to pass Congressional legislation that would establish national standards for data security have failed, according to a new Experian report, “Policymakers Renew Focus on Data Breach Laws.” Currently, every state but Alabama, Kentucky, New Mexico and South Dakota has regulations in place for data breach notification, but the patchwork of laws can be confusing to businesses and consumers trying to understand their rights.
Congress appears to be seriously considering legislation that would enact a national data breach notification requirement to replace the current segmented system. At the same time, state legislators will continue to search for ways to modify and update existing statutes.
While Congress will need to overcome a number of legislative hurdles before adopting a national data breach standard, it is important for organizations to make sure they are complying with existing breach notification laws. Companies should implement pre-breach plans to mitigate the impact of a data breach. This is also a good legal defense if a breach occurs, demonstrating that the company has taken reasonable precautions.