Senator Wants Federal Data Protection Law

Source: SecurityNewsDaily

The U.S. Senate will consider a bill aimed at protecting citizens' personal information from online data theft, and penalizing companies that don't adequately store and safeguard their customers' personal information.

Introduced by Sen. Richard Blumenthal (D-Conn.), the Personal Data Protection and Breach Accountability Act of 2011 would force companies that hold online information for more than 10,000 people to follow strict guidelines to ensure the data is stored correctly, the New York Times reported.

The bill would impose fines on companies that don't follow the guidelines and leave customer data open to compromise, and would open the door for customers to sue companies that don't adequately protect their data.

Blumenthal's bill would put the U.S. government in line with states such as Massachusetts, which has legislation that fines companies that improperly protect residents' digital data.

An impetus behind the bill, Blumenthal told the Times, is Sony's massive mishandling of personal data earlier this year, which put the personal data of more than 100 million customers at risk.

"The Sony data breach has become a poster child of why we need this law," Blumenthal told the Times. "We were working on this legislation before that data breach occurred, but Sony is a good example of why this law should exist."

Sony may be the most notable data breach of the year, but it's certainly not the only breach. Last week, Stanford University Hospital confirmed that the medical records of 20,000 emergency room patients were accidentally posted on a commercial website for nearly a year.

In the past few months, customers' personal online information has been exposed during breaches at Yale University, Purdue University, the Texas state comptroller's office and the University of Wisconsin.