A “Process-Based Approach” to Data Security Laws

A “Process-Based Approach” to Data Security Laws: In the wake of ever-larger

data breaches in the private sector, the United States is still without a

comprehensive federal data security law. Past legislative efforts to enact a uniform

standard have come up short.

A recent hearing held by the House Subcommittee on Commerce, Manufacturing,

and Trade focused on the necessary elements to included in a federal data security

law. A representative of the Retail Industry Leaders Association called for a

“practical, proportional” law that would preempt the various existing state laws.

The legitimate interest of organizations seeking uniformity should, however, be

balanced with the public’s right to be promptly notified of an unauthorized

disclosure of sensitive information.

While supporting federal legislation, FTC Chair Maureen Ohlhausen cautioned

against setting specific requirements that would be quickly out-paced by

technological advances. Instead, Ohlhausen advocates legislation that would call for

flexible, “process-based” standards.

For more information on the House Subcommittee Hearing, click here.