Despite bipartisan support, we still currently do not have a national data breach notification law. After a data breach, CISOs must individually report to 50 states, the Virgin Islands, Guam, Puerto Rico, and the District of Columbia. Consumers are not protected equally in all states, so it’s reasonable to challenge why so many different and varied laws exist rather than a nationally agreed upon set of data breach notification standards.
A high percentage of a CISO’s team is devoted to compliance and the day-to-day burdens of so many different state and territorial data breach notification laws. The NTSC is focused on bringing together industry and congressional leaders to develop comprehensive national data breach notification legislation that will preempt existing state legislation. National legislation will provide businesses one place to file for breach notifications while simultaneously delivering uniform protection to all consumers.
The New York SHIELD Act: A Comprehensive Overview (August 20, 2019)
Some Thoughts Regarding the Marriott Data Breach (December 7, 2018)
It’s the Right Time for National Data Breach Notification Legislation (October 16, 2018)
Nation needs to unify data breach standards (March 24, 2017)