Bono Mack introduces bill to improve data security

Rep. Mary Bono Mack (R-Calif.) introduced a bill Monday to establish national standards for data security and data-breach notification.

The Secure and Fortify Electronic (SAFE) Data Act would require that companies notify law enforcement without "unreasonable delay" after a data breach and notify each person affected by the breach within 48 hours.  

The bill would give the Federal Trade Commission jurisdiction over nonprofits for the purpose of data security.  Many nonprofits, such as hospitals and charities, keep sensitive records on people's personal information.  

According to the Federal Trade Commission, nine million Americans are victims of identity theft every year. 

Currently, data-breach requirements are a patchwork of laws varying by state. According to Ken Johnson, a spokesman for Bono Mack, companies spend "an inordinate amount of time" just determining their obligations under a particular state's law when a data breach occurs.  

Bono Mack's bill preempts state laws and creates a single national standard.  

She first drafted the bill in response to high-profile data breaches at companies including Sony, Epsilon and Citigroup.

“My legislation is crafted around a guiding principle: Consumers should be promptly informed when their personal information has been jeopardized," Bono Mack said in a statement. "The time has come for Congress to take decisive action. We need a uniform national standard for data security and data breach notification, and we need it now.”

The bill is scheduled for a markup session Wednesday morning in the Commerce, Manufacturing and Trade subcommittee. Johnson said that he expects a "lively debate" on the measure.

---