Data Breach Notification Bill Moves Forward

A national data breach law is moving closer to passage, despite fierce opposition from consumer groups.

Passed out of the House Financial Services Committee on a 48-17 vote late last week, the Financial Data Protection Act of 2005 (H.R. 3997) allows data brokers and other companies to conduct an investigation of a breach and determine if notification to consumers is necessary.

The bill also allows companies that choose to protect their data with encryption to take that into consideration when determining if consumer notification is necessary in the aftermath of a breach.

“We think consumers should be notified in case of a breach and it shouldn’t be left to the companies to decide,” Susanna Montezemolo, a policy analyst with Consumers Union, told

The legislation also pre-empts any state laws mandating breach disclosures to consumers. According to Consumers Union, 11 states currently have stricter notification standards than H.R. 3997, including a California law that has resulted in numerous consumer notifications over lost data tapes and database breaches.

The furor over those disclosures prompted Congress to begin considering a national breach notification law.

“It is ironic that after a year in which over 55 million Americans’ identities were put at risk through preventable data breaches, the House Financial Services Committee would repeal state laws that have protected consumers from identity theft,” Montezemolo said.

Under the bill, if a company conducts a “reasonable” investigation after a breach and determines no “harm” to consumers occurred, the company is not obligated to inform consumers of the breach.

The bill defines harm as “material financial loss to or civil or criminal penalties imposed on the consumer or the need for the consumer to expend significant time and effort to correct erroneous information relating to the consumer.”

“Today, the Financial Services Committee voted for the worst data security bill ever,” Ed Mierzwinski of the U.S. Public Interest Research Group said in a statement.

“Rather than voting to protect consumers, the committee made things worse. All consumers should have the right to sleep at night without worrying about identity theft. This bill takes us in the wrong direction.”

In an e-mail statement to, bill sponsor Steven LaTourette of Ohio said: “We have crafted a balanced bill that makes sure companies safeguard their sensitive information and ensures that consumers are fully protected if data is breached.”

A LaTourette spokesman added in an interview, “The bill did pass in committee overwhelmingly on a bipartisan vote.”

Mierzwinski said if LaTourette’s bill had been in place at the time of ChoicePoint’s data breach, consumers would have never heard about it.

Montezemolo said her organization much prefers the Personal Data Privacy and Security Act of 2005 (S. 1789) passed by the Senate Judiciary Committee in November.

That legislation also allows companies to avoid notifying consumers of breaches if there is no significant risk of identity theft.

However, the bill mandates that if a company decides there is no risk to consumers, the company must file a written report to the U.S. Secret Service, which can conduct its own investigation.

“What we like is that there is a process and something gets put in writing,” Montezemolo said.

Article courtesy of
