National Data Breach Notifications Would Replace ‘Patchwork’ of State Statutes

By   ISBuzz Team
Writer , Information Security Buzz | Jul 22, 2013 03:51 am PST

Members of a House subcommittee on Thursday heard an essentially unanimous call from a panel of witnesses for a national data-breach notification standard to replace the wide-ranging laws currently on the books in 48 states.

The disagreement, such as it was, came in the form of how such a law should be tailored, but witnesses and lawmakers alike expressed broad support for a national law to replace what Rep. Lee Terry (R-Neb.), the chairman of the Energy and Commerce Committee’s subcommittee on commerce, manufacturing and trade, called the “patchwork of state and territory-specific statutes.”

The word “patchwork” was uttered often as witnesses described the compliance burden of adhering to the notification requirements prescribed by the various states, which can include different triggers for sending out a notice of a breach, such as inconsistent definitions for personally identifiable information.