Bent out of shape about all the data breaches exposing personal information? Tell us about it.
Reply to comment
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
Private right of action provides a 'stick' to ensure that a corporation/company take protecting data seriously, any law without a method to fine/charge the offending company (I will use that term to encompass all corporate entities as well as companies) would in effect create a law that would cost a company nothing or little to ignore.
I suggest it should be considered under consumer protection, i.e. normally under consumer protection laws one can sue to seek 3 times damages from offending companies.
This statement, "Notification must occur by written means (electronic or by mail) without unreasonable delay. " leaves open the discussion of what 'unreasonable' means. I suggest notification be required within 2 business days of the breach being discovered.
No Preemption of existing State Laws, Once again, companies should be held accountable and should a consumer not receive adequate redress through the federal law, they should be able to seek redress through the state and vice versa.
I also advocate that no 'safe harbor' for encryption be allowed as all encryption schemes can in time be broken. Ensuring data integrity/privacy requires securing systems and monitoring for breaches, merely encrypting your data ensures nothing.
Thank you for your time.