Data Breaches Bring Back Failed Legislation From the Dead

Public fallout from the data breaches that have affected Citigroup and other large enterprises has reached the political push back stage. Sen. Patrick Leahyhas introduced the Personal Data Privacy and Security Act of 2011, which would bring federal criminal charges against enterprises that don't disclose breaches to individuals in a timely manner via mail, telephone or e-mail. Media notices would be required for breaches involving 5,000 or more people. And the FBI and Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of 1,000,000 or more people, or impacts federal databases or law enforcement. In the House, Rep. Mary Bono Mack has introduced a similar bill requiring disclosures to victims within 48 hours of a data breach.