The Obama administration proposed a new federal law that would require companies to notify consumers and the federal government about data breaches that could expose people to identity theft. In most cases, companies would have to notify consumers that their personally identifiable information has been compromised within two months of the breach.
“The Administration proposal helps businesses by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements,” according to a White House press release.
[Article: Playstation Invasion-Child Identity Theft is No Game]
But some privacy advocates criticized the measure, saying it prevents states from passing tougher measures in the future. If passed in its current form, the administration’s proposal “actually weakens existing state laws already in force on this subject,” says Eduard Goodman, chief privacy officer at Identity Theft 911, Credit.com’s sister company.
The proposal keeps the current definition of sensitive personally identifiable information as someone’s name and Social Security number. Some privacy experts have said that the definition fails to take into account things like email addresses, usernames and geolocation data, which can help thieves steal identities.
A company would not have to tell consumers about data breaches if it collects sensitive information about fewer than 10,000 a year, if the company’s own risk assessment finds little risk that a data breach has harmed people, or if the lost data was encrypted.
[Identity Theft: Free Identity Risk Score and profile from Credit.com]
Image: Leonid Mamchenkov, via Flickr.com
You Might Also Like
Find out what someone can do with your stolen Social Security num... Read More
October 19, 2023
Identity Theft and Scams
The Federal Trade Commission’s Consumer Sentinel Network re... Read More
May 17, 2022
Identity Theft and Scams
COVID-19 vaccines are being rolled out across the country, and th... Read More
May 20, 2021
Identity Theft and Scams