Regulatory Compliance, Governance and Security

Aug 29 2009   1:43PM GMT

Data Breach Notification Act (Introduced in Senate) | S. 139



Posted by: Charles Denyer
Tags:
charles denyer
civil actions
Data Breach Notification Act
PCI DSS
s. 139
SAS 70
Senator Dianne Feinstein

Well, Regulatory Compliance, Governance, and Security is alive and well in Washington, D.C. again. Don’t be fooled into thinking that the current laws will be the end. The ongoing push for these initiatives, along with an added emphasis on privacy and the protection of the consumer, will continue. As I have stated a number of times, compliance initiatives like PCI DSS are just the beginning.

On January 6, 2009, Senator Dianne Feinstein introduced the Data Breach Notification Act in the Senate as S. 139. Read below for some of the bill’s notable highlights:

“Any agency, or business entity engaged in interstate commerce, that uses, accesses, transmits, stores, disposes of or collects sensitive personally identifiable information shall, following the discovery of a security breach of such information notify any resident of the United States whose sensitive personally identifiable information has been, or is reasonably believed to have been, accessed, or acquired.”

And how about one of the provisions for enforcement of the bill, which states the following:

“Civil Actions by the Attorney General- The Attorney General may bring a civil action in the appropriate United States district court against any business entity that engages in conduct constituting a violation of this Act and, upon proof of such conduct by a preponderance of the evidence, such business entity shall be subject to a civil penalty of not more than $1,000 per day per individual whose sensitive personally identifiable information was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, up to a maximum of $1,000,000 per violation, unless such conduct is found to be willful or intentional.”

To sum it up, compliance, as I stated earlier, is alive and well.

Visit the official SAS 70 Resource Guide and the official PCI DSS Resource Guide to learn more about two of the most well-known compliance initiatives currently affecting organizations in today’s business environment.
