Each state government has its own laws regarding consumer protection and data breach notification. When a breach of customer data occurs, CISOs must individually report the breach to each of the governments of the 50 states, the Virgin Islands, Guam, Puerto Rico, and the District of Columbia. This is an unwieldy and uneven system that slows down the response to data breaches and therefore increases the risk to consumers whose data is exposed.
The NTSC believes the best solution to this patchwork approach is a national data breach notification standard that preempts state regulations, provides a single place for companies to file reports, and protect all consumers equally. A uniform national standard will ease the excessive burden of the current patchwork system that plagues CISOs and their team as they respond to incidents and allow them to allocate their resources more fully to finding and closing the breach and notifying consumers as soon as possible.
The New York SHIELD Act: A Comprehensive Overview (August 20, 2019)
Some Thoughts Regarding the Marriott Data Breach (December 7, 2018)
It’s the Right Time for National Data Breach Notification Legislation (October 16, 2018)
Nation needs to unify data breach standards (March 24, 2017)