Ossian Law February 3, 2014 IT Law Update

Time for a Standard Data Security Law? After the Target and Neiman Marcus data breaches, it’s not surprising that members of Congress are proposing new federal data security laws. Among them is the Data Security Act of 2014 (S 1927), a bipartisan initiative that would create a federal law to replace existing state laws that present varying, inconsistent security standards and breach notification requirements.

It would apply to financial institutions, retailers, data brokers and anyone who “maintains or communicates” sensitive account information (including log ins and passwords) or sensitive personal information, defined as a consumer’s first and last name, address or phone number, together with either a social security number, driver license or taxpayer ID.

The bill specifically provides that consumers would have no private cause of action under the act or any state law. It also doesn’t include certain information that is currently covered by some state laws, such as geo-location information or biometrics.

Should the bill become law, regulations, including penalties, will be established by the Federal Trade Commission and other federal agencies. Regulations won’t take effect any earlier than a year after the enactment. To review the bill, go here.

Contact us at Ossian Law P.C. regarding social media law or any other information technology law question.

 © 2014 Ossian Law P.C.