
New U.S. data breach laws met by problems from the past

Mar 12

The major data breaches from retailers Target, Neiman Marcus, Michaels and TJX have rekindled the debate on not only updating credit cards and payment systems, but also legislation on data breach reporting. The goal is to hold retailers to the same standards of reporting that healthcare and financial institutions face. However, there are many obstacles in the way.

To begin, this position has been passed through Congress several times at the hands of intelligence, judiciary, and homeland security officials, but is often shot down. There are two main factors behind the failure of these bills. First, all of the bills introduced to date are repetitions of previously failed ones. Second, there are questions regarding whether or not a federal mandate will overrule current state regulations. At the moment all states have current standards in place for this issue, but no two are the same. Finding a uniform law to cover all state regulations is proving to be a very difficult task.

This particular issue takes a less than traditional route through Congress due to the legal complexity of the technology landscape. It gets support from all parties across the board, which is unusual, but it is rejected just the same. Conservatives and liberals are finally taking the same side on this position, but they are still in disagreement overall.

Having a preemptive breach notification law at the federal level will allow these organizations to focus all of their attention and resources on one single regulation. As it stands, retailers who have stores in different states must know what each state's law requires of them. Currently 46 states and the District of Columbia have passed their own state laws; this means nationwide retailers have to stay on top of 47 different laws as opposed to 1.

The National Retail Federation has apparently been asking for this bill for over a decade, but the bill can’t make it out of Congress. Part of the issue is that some state attorneys general are worried that a federal law would make it more difficult for the individual state to pursue charges against violators.

Clearly the retailers are asking for a better system, but Congress can’t seem to put something decent enough together to meet everyone’s needs. So, for now, things are looking like they will remain the same, but it sounds like there could be a major change on the horizon.


