Cerasale: Expect Federal Data Breach Law This Year

NEW YORK -- One of four federal data breach notification bills probably will pass this year, according to Jerry Cerasale, senior vice president, government affairs at the Direct Marketing Association.


Cerasale briefed list professionals at a legislative update held yesterday by the DMA's List and Database Council.


"Odds are much higher now that a federal security breach law will pass before October 2006," he said.


Cerasale cited the four bills that the DMA considers important, listing those in the Senate Commerce Committee, Senate Judiciary Committee, House Financial Services Committee and House Energy and Commerce Committee as the ones from which the eventual law will come.


The federal bills resemble the California data breach notification law that prompted data broker ChoicePoint to reveal breaches early last year. Some other data breaches revealed last year involved LexisNexis, DSW Shoe Warehouse and CardSystems Solutions.


Cerasale said the details of the federal legislation likely to pass should become clearer in a few months. Meanwhile, the DMA is satisfied with many of the provisions in the bills. All four discussed by Cerasale would preempt state data breach notification laws.


Though all four bills say that the sensitivity of the personal information dictates whether breach notification is necessary, differences exist on what constitutes sensitive data. Three of the bills define sensitive data as name, address, e-mail address and other marketing data only if accompanied by a Social Security number, driver's license data or an account number such as a credit card number.


However, the Senate Judiciary bill added any government identification, mother's maiden name and exact date of birth as qualifying sensitive data when coupled with marketing data like name and address, Cerasale said.


In all four, the trigger for mandatory notification is set at "significant risk," a term still not clearly defined. There has been talk of changing "significant" to "reasonable" in the House Energy and Commerce bill, he said, though it is unclear how big a difference in the notification threshold that would make.


A major issue with the Senate Judiciary bill involves a provision that calls for access and correction for breached data, meaning that a consumer who was the victim of a breach of sensitive data would have the right to access his file and correct any errors. The DMA opposes this based partly on the expense but also because access might undercut antifraud measures, Cerasale said. He predicted a battle over this provision.


While the House Financial Services bill covers breach notification only, the other three have information broker provisions.


"Information brokers are defined as a person who rents, sells, exchanges, etc., personal information to a third party on non-customers," Cerasale said. The data that ChoicePoint sells to employers for applicant background checks would be an example.

