With the rapid surge in data breaches impacting millions of households this year, OTA was optimistic on the possible passage of data breach legislation. Unfortunately it is appearing very unlikely we will see any such legislation, driven in part by the partisan efforts and trade groups who are focused on protecting their business member's short-term interests and consumer advocates who appear to be unwilling to compromise. OTA continues to be a voice of reason advocating a framework modeled off of CAN-SPAM and COPPA, providing businesses with clarity and ease of reporting management, superseding existing State laws, while providing States right to enforce federal legislation.
This past week, President Obama stated, "Today, data breaches are handled by dozens of separate state laws, and it's time to have one clear national standard that brings certainty to businesses and keeps consumers safe." Despite the president's call and growing interest in Congress in enacting a national data breach notification law, no such bill has reached either the Senate or House floors. It is unfortunate business groups and consumer advocates cannot agree on key provisions of data breach notification measures and the critical importance of data sharing and consumer protection.
So what can you do? Reach out to the trade organizations and encourage them to look at the impacts, costs and complexities impacting businesses. Ask the hard questions. Have similar models such as CAN-SPAM and COPPA been onerous or costly? Have State AGs abused their enforcement capabilities against legitimate companies?