A U.S. House of Representatives committee has unanimously approved a bill that would create new regulations for so-called data brokers, including a requirement that U.S. companies that traffic in personal data notify victims of breaches.
The House Energy and Commerce Committee’s 41-0 approval of the Data Accountability and Trust Act comes a year after the beginning of a rash of data breaches at dozens of U.S. companies, starting with data brokers ChoicePoint and LexisNexis. The bill, which now goes to the full House for a vote, would require any company that “experiences reasonable risk of identity theft” to notify potential victims as well as the U.S. Federal Trade Commission (FTC).
“This is legislation that consumers deserve if we are to help them and our economy defeat the growing menace of identity theft,” Rep. Cliff Stearns, a Florida Republican and primary sponsor of the bill, said in a statement.
Companies that encrypt data would be exempt from data breach notification rules under the bill, as some tech trade groups have requested. Backers of an encryption exemption say it would encourage more companies to use encryption.
Since the outbreak of breaches in early 2005, more than 20 states have passed notification laws. Data brokers such as ChoicePoint have called for a national law to standardize notification.
The House bill would require data brokers to develop security policies that explain the “collection, use, sale, other dissemination, and security” of the data they hold. It would also direct the FTC to create standards for the handling of personal data, and allow the FTC to audit a data broker’s security practices following a breach of security.
The bill would also allow consumers to annually access the records data brokers hold about them, and give them the right to demand inaccurate information be corrected or labeled as disputed.
The bill “sends a clear message: ‘If you can’t protect it, don’t collect it,’ ” said Rep. John Dingell from Michigan, the committee’s ranking Democrat.
-Grant Gross, IDG News Service
For related content from CIO sister publication, CSO, read The Five Most Shocking Things About the ChoicePoint Debacle and When the Dike Breaks: Responding to the Inevitable Data Breach.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.