Here’s something that is long overdue. A bill is in front of the US House Of Representatives to force companies to disclose when they’ve been hacked:
Rep. Mary Bono Mack, R-Calif., is circulating draft legislation that would require companies to provide a basic level of protection for consumers’ personal information and notify the government when data is stolen.
After Mack held hearings last month on enormous data breaches at companies like Sony and Epsilon, she promised to introduce a bill to protect consumer information. The International Monetary Fund and Citigroup have also reported recent cyberattacks.
Mack’s discussion draft promises to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.” According to a background staff memo, the Secure and Fortify Electronic Data [SAFE Data] Act, is based on a bill that passed the House in the last Congress.
The bill has these key features:
The bill would require companies to dispose of old or unnecessary data, as well as notify the government within 48 hours of discovering a breach, unless the breach is an accident.
Excellent. My US readers should call their local Member of Congress and tell them that they need to support this bill. For too long companies have had a free ride when it comes to this issue. It’s time that they’re held to a much higher standard. In fact it’s beyond time.
So Canadian readers are likely wondering the following: When does Canada get something like this? Granted, Canada’s privacy laws do require companies to get rid of personal info they no longer need, but there’s nothing to require companies to report when they’ve been hacked. That’s where things are lacking. It’s time that Canada does something about that just like our friends to the south seem to be doing.