US to force firms to 'fess up on data loss

Customers to be warned...

By Dan Ilett, 3 April 2006 11:25


The US is processing a bill that, if passed, would require all companies to inform customers of security breaches that affect their personal data.

The Data Accountability and Trust Act (DATA) was approved by the US House Energy and Commerce Committee last week and could soon be cleared by the House of Representatives.

The bill requires consumers to be told if their privacy has been violated because of a breach.

According to the Federal Trade Commission (FTC), ID theft cost American consumers $5bn and businesses $48bn last year.

The bill would allow the FTC to enforce standards on keeping data, and make companies appoint a head of security who would produce best practice and audits up to five years after an event.

Under the proposals, if a breach does occur, a company must notify any customers concerned and the FTC, which can then demand an audit.

A similar law has been in place in California for three years. The Security Breach Information Act states that companies that do business in California or that have customers there must notify them if personal information could have been compromised.

Comments


  1. anonymous

    Is there similar legislation for the UK's National Identity Register/ID database
    and would the UK government adhere to it if there was?
