Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent incidents of Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.
As per the statement, current state data breach law is a decade old and obsolete and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.
“In the present statute, there are too many loopholes about when notification must be provided, leaving consumer’s vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”
The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”
Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.
“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.