The U.S. is processing a legal bill which if passed would mean all companies have to inform customers of security breaches that affect their personal data.
The Data Accountability and Trust Act (DATA) was approved by the US House Energy and Commerce Committee last week and could soon be cleared by the House of Representatives.
The bill requires consumers to be told if their privacy has been violated because of a breach.
According to the Federal Trade Commission (FTC), ID theft cost American consumers $5 billion (US$6 billion) and businesses $48 billion (US$58 billion) last year.
The bill would allow the FTC to enforce standards on keeping data, and make companies appoint a head of security who would produce best practice and audits up to five years after an event.
Under the proposals, if a breach does occur, a company must notify any customers concerned and the FTC, which can then demand an audit.
A similar law has been in place in California for three years. The Security Breach Information Act states that companies that do business in California or that have customers there must notify them if personal information could have been compromised.
Dan Ilett of Silicon.com reported from London.com.
Play video
This would be excellent legislation. It is important that consumers make clear to their representatives how important this is, because corporate interests are by and large dead set against it, since it would dramatically increase the visibility of data thefts for which they bear liability.
Note -- this would not actually prevent any of the data thefts that lead to ID fraud. It might even, paradoxically, lead to a rash of copycat thefts.
But it would greatly improve consumer's ability to protect themselves in advance of any fraud, and thus reduce the incidence of actual identity fraud and consumer losses. It would also speed recovery, which is critical to reduce losses. And finally, it would focus attention on the companies that were liable, which would lead rapidly to dramatic improvements in data security, ultimately reducing ID thefts.
I am CEO of The Identity Guardian, which offers the most comprehensive identity theft protection -- effective prevention, monitoring, insurance, and recovery -- thru employee benefit programs. Companies and benefit managers can find out more at www.theidentityguardian.com. We also provide expert consulting and training services for companies to address this high-profile, high-priority issue.
Posted by Peter Marshall on Tuesday, April 04 2006 11:42 PM