D.C Creates Its Own Data Protection Regulations
While the U.S. does not have a national law like the General Data Protection Regulation, which mandates digital security and privacy, states and cities are taking matters into their own hands. With 41 data breaches resulting in millions of people having their data leaked, it’s no wonder why many United States lawmakers are calling for stricter policies. There are currently eleven states with some form of legislation surrounding data breaches. It’s not only hackers and breaches causing issues but unsecured servers and databases which leave customer information exposed. The Security Breach Protection Amendment of 2019 aims to create a solution.
Of these 11, California is the only one with legislation similar to GDPR with their Consumer Privacy Act. However, The District of Columbia is joining the European Union and California with its own set of data protection rules. The amendment is called “The Security Breach Protection Amendment Act of 2019.” The Attorney General of D.C says, “Data breaches and identity theft continue to pose major threats to District residents and consumers nationwide.”
California’s Consumer Privacy Act states that any entity that handles over 50,000 consumer records and if it does business in the state. The regulations state that companies must also provide individual consumer data in a portable format if a customer requests it and delete all of their information at a customer’s request and more.
The eight-page bill saysthe goal is to protect personal information from unauthorized access, use, modification, disclosure or a reasonably anticipated hazard or threat of any person or entity that has stored personally identifiable information.
Security Breach Protection Amendment of 2019 Violations
Overall the bill calls for businesses to have stricter security protocols while handling customer information. Unlike GDPR, the D.C. bill does not have financial consequences for failure to notify the government about a data breach. Instead, any company or entity breached must provide written and specific information to the Office of the Attorney General and specify how they will protect personal information. Any breached entity is required to offer two years of identity theft prevention services when the breach results in the release of social security or tax ID numbers.
The amendment provides positive first steps to data protection policies. However, with districts and states creating their own data protection laws, a national law needs to be put in place. Senator Ron Wyden proposed the Consumer Data Protection Act, which holds senior executives of businesses responsible for lack of security precautions. However, little movement has happened related to this bill.
Secure Forensics Can Help With Data Breaches
We have a dedicated team of digital forensic experts who have decades of experience and can deploy anywhere in the world within 24 hours. Secure Forensics can help stop and identify the source of a breach. Once we stop the breach we will help you prevent a breach from happening again. To speak to our 24-hour helpline call us at 1-800-288-1407.