The proposed Federal Data Breach Legislation, options of which are now in front of the Senate for consideration, has been the focus of many political discussions of late. In addition to the National Retail Federation’s suggested amendments, politicians and associations have been vocal on the issue.

Massachusetts Attorney General Martha Coakley, who was herself at risk for identity theft in January, supports a State-led breach initiative. She believes that National guideliness should address the issues, but that State abilities to exercise their own legislation should not be superceded. Coakley is advocating that the data handling and breach reporting requirements should remain at the State level.

On the other side, the Cyber Security Industry Alliance (CSIA) has voiced its support of Federal legislation. The CSIA, an advocacy group on privacy and security via technology and policy, believes that consumers will be better served by National, rather than State, breach reporting requirements. State involvement would pertain to the application of National law.

The CSIA argues that consumers should receive a consistent experience when receiving a data breach notification. Consumers should be told whether their data is likely to be misappropriated, whether it was encrypted, whether the data was lost or stolen, and that the notification they receive has the same meaning as that of other locations. Federal legislation would also unify the procedures for companies operating in many states or particularly for web-based companies.

“Clearly this is a Fed-related issue to me, the Internet is a uniquely national and global system, and the burden of primary enforcement has to fall on Fed and other nations’ governments,” said Gray. “The federal government needs to devote more resources to this problem, and we believe that it is critical for this issue to be a priority; e-commerce is the future, and if people are afraid that data won’t be protected, they will shy away from doing business online.”

Via ZeroDay Security ; Tags: data breach, data breach legislation, privacy legislation, csia, federal law, data breach notification