Data breaches have been a point of concern for businesses large and small, and even government agencies at all levels, for some time now. The costs of dealing with these incidents may be extremely large, making it imperative for small businesses in particular to seek tech insurance coverage. Further, companies may soon have to do more to comply with what could become federal law related to disclosing these incidents when they occur.
The U.S. House of Representatives may soon have to vote upon a proposed federal law that would require companies to notify consumers when they suffer a data breach, according to a report from Corporate Counsel. It is the fourth time in the last eight years alone that the House will have to consider such a bill, as its Energy and Commerce Committee’s trade subcommittee recently held hearings about whether a federal standard – which would replace the many disparate requirements currently at the state level – would be appropriate to put into place.
“Currently, the laws that govern data breach notification are a patchwork of state and territory-specific statutes,” subcommittee chair Lee Terry, a Nebraska Republican, said at the hearing, according to the site. “Unfortunately, they tend to differ from each other in many ways.”
In all, 46 states and the District of Columbia, as well as Puerto Rico, have put some sort of data breach notification law into place, but obviously the standards are different in the vast majority of cases, the report said. Interestingly, there is really only one overarching federal law related to data breaches in place, that being the Health Insurance Portability and Accountability Act (HIPAA), which has been extremely helpful in standardizing requirements for what happens when certain types of information about consumers are exposed.
The potential problems with current laws
Terry noted that one of the major concerns that many businesses, regardless of their size, may face when they suffer an already-damaging data breach is that they simply have to deal with so many requirements related to complying with various states’ laws, the report said. The cost for doing so can therefore be quite high, and having a federal law in place that supersedes those at the state level would thus eliminate any confusion related to compliance, as well as reduce costs for doing so.
One expert who testified before the subcommittee noted another potential issue for businesses suffering these breaches: many states may have laws that actually conflict with those put in place by other states, the report said. That can only serve to further complicate compliance problems for companies that suffer breaches affecting consumers in more than one state. However, critics of a potential federal law say that the issue is that Congress might not go far enough in putting the new rules into place; in addition to having regulations about the kinds of things companies need to do in the wake of such an event, it might also be wiser for the government to put rules in place that would dictate what kinds of information need to be protected, and how.
Complying with data breach laws should be a major point of concern for independent companies in particular, simply due to the cost involved, which may make it imperative to have a small business insurance policy in place that will help cover those potentially large expenses. In addition, it might be wise to make sure all is being done to avoid suffering such an incident in the first place, such as training employees on proper precautions to take, or hiring an IT professional.