A survey by 360 Advanced, Inc. shows the U.S. Congress and some states are considering legislation that would require organizations managing databases of personal information to put in place safeguards against hacking – or face significant fines after a breach.
In its analysis of data assembled by the National Conference of State Legislatures and www.govtrack.us, 360 Advanced concluded that with ever-increasing numbers of data breaches, lawmakers are determined to hold accountable firms managing personal information.
“Our analysis of pending legislation requiring data security safeguards and stiff penalties for non-compliance sends a chill across an entire industry that is already moving swiftly toward voluntary compliance on numerous levels,” said Dan Collins, President of 360 Advanced, Inc., a national, multi-service, licensed Certified Public Accountant (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers. “It is one thing for state and federal legislators to strengthen data breach reporting requirements, which is indeed appropriate, but it’s another matter entirely when they consider legislation that would punish service providers for being hacked.”
In the U.S. Congress, three pending bills, S1976, S2378 and HR4711 all outline the responsibilities of personal information database service organizations to take precautions to protect personal data from being hacked, and provide for severe penalties of up to $5 million for failure to comply.
The states of California, Florida, Iowa, Kentucky, Louisiana, Minnesota, and New Mexico are considering legislation mandating steps that must be taken to protect consumer information, with penalties for non-compliance, while 12 other states are toughening data breach reporting requirements.