Sen. Richard Blumenthal (D-CT) on Thursday introduced the Personal Data Protection and Breach Accountability Act, which would place data handling and protection requirements on organizations processing the personal information of more than 10,000 people. "While looking at data breaches, I've been struck by how many are preventable," Blumenthal told The New York Times. The Hill reports that the bill would require organizations to submit to regular testing of controls and systems on a timeframe directly related to the level of risk as determined by required risk assessments. In the event of a breach, the bill includes notification requirements that put the onus on organizations to show evidence supporting the timeliness of notification and increased penalties for identity theft, and would require that organizations cover credit-monitoring costs for two years.
If you want to comment on this post, you need to login.