The call for federal action on data security was raised at the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security hearing entitled, “Getting it Right on Data Breach and Notification Legislation in the 114th Congress.” In response to the “Year of the Breach,” multiple states have developed their own standards, leaving businesses subject to a “patchwork of state, district, and territory laws.”
Dr. Ravi Pendse, Chief Information Officer at Brown University, was one of many experts who testified at the hearing, calling for a uniform federal law. According to Pendse, national legislation governing data breaches would have many advantages over existing state laws and reduce the burden that dissimilar state laws place on complying organizations. In addition to laws regarding data breaches, he called on Congress to create incentives for proactive measures to reduce the likelihood of breaches, one of the most important being the development of a trained cybersecurity workforce through education and training.
Cheri F. McGuire, Vice President of Global Government Affairs & Cybersecurity Policy at Symantec Corporation, a Fortune 500 technology company, said that Symantec would support a national standard built on three principles: data security legislation should apply equally to all; implementing pre-breach security measures should be a part of any legislation; and the use of encryption or other security measures that render data unreadable and unusable should be a key element in establishing the threshold for the need for notification.
For more information about the data breach hearing, subscribe to the Banking and Finance Law Daily.