U.S. Senator Pat Toomey (R-Pa.) introduced a bill Thursday to create a national standard requiring companies to protect and secure consumers' electronic data. Senators Angus King (I-Maine) and John Thune (R-S.D.) are cosponsors.
Today, companies must comply with 46 different state laws in the event of a data breach. The Senators' bill would preempt these laws and replace them with a single national standard, providing better protections and swifter responses for consumers. In the event of a data breach, the bill would direct companies possessing personal data to notify consumers by mail, email or telephone if their information is stolen. Senator Toomey introduced an identical measure last year.
"A number of recent high-profile data breaches combined with the messy patchwork of 46 different state laws highlight how difficult it is for consumers to know their personal information is secure and they are not at risk of identity theft or other financial harm. Congress needs to provide businesses and consumers with certainty and establish a single reasonable standard for information security and breach notification practices. Our bill would eliminate the burden of complying with varying standards and laws, ensuring that all consumers and their personal information are afforded the same level of protection," Sen. Toomey said.
"Technology and business innovations are rapidly changing our idea of what is possible with communications and commerce. Amidst this rapid change, however, we can provide consistency regarding data security and breach notification. By requiring companies to take reasonable steps to secure personal information and creating a national standard for notice of data breaches, we can move beyond today's complex and burdensome patchwork of 46 state laws to a clear and enforceable single framework for the benefit of both American consumers and businesses," said Sen. Thune.
"It's estimated that more than 608 million records have been reported breached since 2005," Sen. King said. "While nearly every state has taken steps to protect consumer data and implement breach notification practices, the resulting patchwork of state laws has created unintended confusion for consumers and unnecessary compliance burdens for companies. Our legislation would establish a national standard that simplifies complicated notification practices and compliance obligations because Americans, regardless of where they live, need to know if their personal information has been compromised."