10 February 2012

Data Security Legislation Passes Senate Judiciary Committee

McLane Middleton, Professional Association

Contributor

Founded in 1919, McLane Middleton, Professional Association has been committed to serving their clients, community and colleagues for over 100 years.  They are one of New England’s premier full-service law firms with offices in Woburn and Boston, Massachusetts and Manchester, Concord and Portsmouth, New Hampshire. 

Originally published September 27, 2011

The Senate Judiciary Committee approved three data security bills on September 22, 2011. Several other bills are pending in the Senate and House of Representatives, some of which we discussed in a prior post. Therefore, while it is still unclear what national data security legislation Congress will ultimately adopt, it is becoming increasingly clear that the United States will soon have a federal data security law.

The first bill that passed the Senate Judiciary Committee was the Personal Data Privacy and Security Act of 2011, sponsored by Senator Patrick Leahy. It would require a business to implement a comprehensive data security program, and notify individuals affected by a security breach. It also would amend the Computer Fraud and Abuse Act to counteract court decisions that have found liability where an employee takes or uses information in violation of a contractual obligation or the terms of an acceptable use policy.

The second bill was the Data Breach and Notification Act of 2011, sponsored by Senator Dianne Feinstein. It is limited exclusively to data breach notification. Notably, it would not require notice if a business conducts a risk assessment and can prove to the Federal Trade Commission that no significant risk of harm exists to affected individuals.

The third bill was the Personal Data Protection and Breach Accountability Act of 2011, sponsored by Senator Richard Blumenthal. It would significantly expand the requirements of any state data security law or proposed federal law. Under this bill, businesses would have to provide affected individuals with written and telephonic notice. If more than 5,000 individuals are affected, the business also would have to provide public notice through the media, as well as electronic notice (such as on the business' own website). This bill also would prohibit businesses from attempting to "monitor, manipulate, aggregate, and market the data collected in the process of intercepting a web search or query entered by an authorized user of a protected computer."

Stay tuned as both the Senate and House continue to consider a variety of federal data security legislation.

Cameron Shilling is a partner at McLane, Graf, Raulerson & Middleton, and leads McLane's Privacy and Data Security Group.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
