Following in the footsteps of the EU, US Senators Tom Carper (D-Del.) and Roy Blunt (R-Mo.) have introduced a bill, the Data Security Act of 2014, intended to align fragmented data protection laws at both the federal and state levels. The bill is intended to “prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.”
The proposed bill would require entities, both public and private, to take better preventative measures to safeguard sensitive information and to investigate security breaches, and it would impose strict notification requirements for breaches. The proposed Data Security Act would supersede the confusing and inconsistent federal and state laws governing data protection now in place.
One problem identified by consumer advocates is that the bill allows consumers to sue under federal law only, while eliminating consumer recourse for violations of state law. Another group of lawmakers, led by Senator Patrick Leahy (D-VT), has been working throughout the past decade to garner support for their Personal Privacy and Security Act, which they reintroduced this month following the massive data security breaches experienced by Target, Inc. and Neiman Marcus.
Both proposals include stronger notification provisions, more severe criminal penalties and uniform national standards. It may be possible to decrease the current fragmentation in data protection laws throughout the U.S., which would certainly go a long way toward simplifying compliance; however, setting a national standard will require some states to address these issues more quickly. Businesses would welcome standardization of data protection laws, as it would lower the cost of compliance and provide greater predictability and stability. Currently, the myriad of divergent laws, not just across the U.S. but across the world, makes compliance costly and inefficient.
If you need assistance with your data privacy policy or don’t know whether your company is in compliance, please contact us for more information.