"Recent data breaches at major U.S. retailers have placed a spotlight on concerns about the
security of personal information stored in electronic form by corporations and other private
entities. A data breach occurs when data containing sensitive personal information is lost, stolen,
or accessed in an unauthorized manner, thereby causing a potential compromise of the
confidentiality of the data. Existing federal laws, such as the Health Insurance Portability and
Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical
Health Act (HITECH Act), and the Gramm-Leach-Bliley Act, impose security and breach
notification requirements on specific industries or types of data. Additionally, 47 states, the
District of Columbia (D.C.), and three territories have enacted laws requiring breach notification,
while at least 12 states have enacted data security laws, designed to reduce the likelihood of a
data breach. Alabama, New Mexico, and South Dakota have not enacted breach notification laws.
Several data security and breach notification bills have been introduced in the 114th Congress,
which broadly would impose security and notification requirements on businesses regardless of
industry sector, with limited exceptions. This report begins by describing the common elements
of these federal proposals and then discusses state laws that may apply in the event of a data
breach..."
Data security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment