Earlier in the week, Representative Mary Bono Mack (R-CA) released a discussion draft of her “Secure and Fortify Electronic Data Act” (the “SAFE Data Act”). In a statement released about the draft, Bono Mack claimed the SAFE Data Act will establish uniform national standards for data security and data breach notification.
Highlights of the proposed SAFE Data Act include:
· Requiring the FTC to implement regulations that require companies holding personal information to establish and maintain a reasonable information security policy;
· Requiring companies to establish a plan and procedures to minimize retention of personal information that is no longer needed for business or legal purposes;
· Requiring the notification of law enforcement within 48 hours after discovery of a breach;
· Requiring companies to begin notifying consumers within 48 hours after taking steps to prevent further breach and determining who has to be notified if there is a reasonable risk of harm;
· Expanding the jurisdiction of the FTC to cover non-profits under the Act;
· Granting enforcement power to the FTC and to State Attorneys General if the FTC is not pursuing an action, but no private right of action; and
· Preemption of the various state data security and breach notification laws.
Bono Mack is the chair of the House Subcommittee on Commerce, Manufacturing and Trade, which held a hearing earlier today on the proposed SAFE Data Act. Testimony was given by FTC Commissioner Edith Ramirez, Jason Goldman (Telecommunications and e-Commerce Counsel, U.S. Chamber of Commerce), Robert Holleyman (President and CEO, Business Software Alliance), Stuart Pratt (President and CEO, Consumer Data Industry Association), and Marc Rotenberg (Executive Director, Electronic Privacy Information Center). Information on the hearing, including written testimony, is available on the House Energy and Commerce Committee’s webpage.