The brazenness of Uber's shirking of data breach notification laws may provide the impetus for new national legislation.
Uber is just the latest in a long line of data breaches that have the public up in arms. The Equifax breach spawned a few pieces of legislation, a few of which are still floating around. And State data breach notification laws are always changing and getting tougher.
This time may be different. A group of Senators led by Bill Nelson, D-Fla have banded together and are pushing the Data Security and Breach Notification Act.
The scope of this new legislation is limited; loss of simple personally identifiable information such as only last name or address or phone would not trigger penalties. But other info like account numbers, social security numbers, and things that would enable identity theft would require notification of customers within 30 days. Failure to comply could mean a five-year prison sentence for organizations caught concealing data breaches.
|Reduce your chances of a catastrophic data breach. Download CSR's Guide to PII. It's right out of our Readiness program.
Get it now: CSR's PII Privacy Practice .
National data breach notification law proposed by Senate Commerce Committee members