Milo Cividanes, a partner at Venable LLC., said today that with eight bills in either US House or Senate committee, it’s far from a done deal that a notification bill will be passed by January 2009.
"You would’ve thought that with all of the headlines in 2005," Congress would have passed notification legislation," Cividanes said, speaking at the International Association of Privacy Professionals’ Practical Privacy Series, held today in New York City.
It’s uncertain "whether we are going to get legislation out of this Congress, or whether [a notification law] would get bunched in with some other privacy legislation," he said. "It is not clear if Congress will bring relief to this area anytime soon."
Cividanes said it was also unclear how any new federal legislation would affect local breach notification laws. Thirty-eight jurisdictions, including states and territories, have passed such laws.
In recent years, especially since the landmark ChoicePoint breach of 2005, the prevention of data breaches has become an information security priority. The Privacy Rights Clearinghouse as estimated that breaches have compromised the personal information of more than 155 million Americans.
Meanwhile, William J. Cook, chairman of business continuity and security practices at Wildman, Harrold, Allen and Dixon LLP, urged businesses to use the US Secret Service and other federal agencies as resources in the event of a data breach — many of which are the result of routine thefts.
"Probably a laptop that was stolen was [stolen by] someone who has a drug problem, or it was just a smash and grab situation," he said, adding that victimisd companies should immediately investigate to see whether any regulations have been violated.
Cook also said that customer lawsuits following a breach would become more frequent.
"This is something that we’re going to have to live with for the foreseeable future," he said.
Will Congress act on notification legislation?
By Frank Washkuch on Jun 28, 2007 10:55AM