Healthcare // Analytics
07:01 PM

White House Seeks National Data-Breach Notification Law

The Obama administration's cybersecurity policy proposal aims to standardize how U.S. businesses notify people if their personally identifiable information is inadvertently released.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The Obama administration wants to standardize how U.S. businesses notify people in the event of a data breach that inadvertently exposes sensitive personally identifiable information.

In a broad cybersecurity policy proposal released Thursday, the White House outlined national guidelines requiring any business that collects personal information about more than 10,000 people during any 12-month period should notify them immediately following a data breach.

The proposal also outlines how people should be identified as well as if and how businesses should submit information to regulatory and law-enforcement authorities.

For example, businesses would be required to notify people by at least one of several means of communication--including sending a letter to their last known mailing address or by making a personal telephone call.

Not every data breach would require a report to law enforcement if the new law goes into effect, however. Whether a report is necessary depends on how many unauthorized people accessed the breach, and if the breach involved a database or network of databases that contained information of more than 500,000 people across the country, according to the proposal.

The plan does allow for some exemptions as well. Companies that participate in a security program or have software blocking an unauthorized financial transactions before it's charged to the account of the person whose information was stolen, for example, would not have to notify people that their information was accessed.

If enacted, a national law would supersede various state laws that govern how data breaches are handled. Currently, 46 states and the District of Columbia have data-breach notification laws, but they don't all deal with notifications in a standard way.

Lawmakers over the past couple of years have tried to pass a national data-breach notification law, but so far have been unsuccessful.

Indeed, comprehensive cybersecurity legislation, too, has bandied about Congress for years, but nothing as grand as the White House plan has made it past both Congressional chambers yet--even though some of the bills cover as much ground.

Some members of Congress have even blamed the administration's lack of a plan for not getting cybersecurity legislation through both the Senate and the House of Representatives. The release of the cybersecurity plan Thursday gives them an excuse no longer for dragging their feet.

However, even with the plan and the White House's determination, it may be difficult to get a national data-breach notification law or any other cybersecurity legislation through Congress this year. Republicans controlling the House and Democrats controlling the Senate remain at odds over a number of issues.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 24, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.