Senator Dianne Feinstein (D-CA) has) introduced “The Notification to Risk to Personal Data Act of 2005.” The Act, S. 751, is a stronger version of her earlier bill, S. 115, which she submitted in January.
Like S. 115, S. 751, which she introduced on Monday, is based on a California state law that requires notification of individuals when a data breach occurs. But according to Feinstein, the federal bill goes beyond the scope of the California bill by:
Covering both electronic and non-electronic data, as well as encrypted and non-encrypted data;
Allowing individuals to put a seven-year fraud alert on their credit report;
Laying out specific requirements for what must be in consumer data breach notices. This information includes a description of the data that may have been compromised, a toll-free number to learn more about the information and individuals that have been put at risk and the names and addresses of the three major credit reporting agencies;
Calling for stricter civil penalties of $1,000 per individual not notified, with a maximum of $50,000 per day, during the time the company fails to notify consumers;
Giving enforcement power to the Federal Trade Commission, or other relevant regulator, or to a state attorney general who could file a civil suit.
