Disastrous Data Protection Bill Passes House
Dec 14th, 2009 | By Dawn Rivers Baker | Category: TechnologyLast week, the House of Representatives passed the Data Accountability and Trust At of 2009 (H.R. 2221). Possibly you will remember this train wreck of a bill from previous coverage. To refresh your memory, this piece of legislation does two things. First, it requires businesses that own sensitive consumer data to plan to secure that data and to implement that plan. Second, it requires those firms to notify consumers in the event of a security breach that may have compromised their personal information. That may not sound too bad to you but the devil is in the details.
You see, under this bill, companies are held liable for their customer’s sensitive and personal information, even when they never actually come into contact with that information. Firm that hire third party vendors to house or otherwise process that data are still liable for its security. In the event of a breach of security, the firm is required to notify customers of said breach, provide a no-cost means of contacting the firm and supply quarterly credit reports to customers upon request. And there is no small business exemption here. A single breach at a major credit card processor could put millions of microbusinesses out of business but everybody seems to be missing the boat on this one. H.R. 2221 has been received by the Senate and referred to the Senate Commerce Committee, which has eight members who also sit on the Senate Small Business Committee. It is to be hoped that one of them notices.
