Less than a week ago, we reported that California had expanded its notification law to cover medical information. Now, another piece of data breach notification legislation being considered by the Indiana State Senate is facing heavy pressure from industry lobbyists.

Microsoft, AT&T and Verizon have teamed up to kill the pro-consumer legislation, bill 1197, currently being considered. This bill would require that all breaches of unencrypted data affecting one or more consumers be reported to the Attorney General. The Attorney General would then publish all records of breaches to a public website. This bill would make Indiana the only State to publicly report each breach. Currently, New Hampshire posts breaches online, but it is not compelled to do so by law.

CNet reported this story with much criticism of the companies trying to stop this bill. An AT&T image is captioned with this snarky comment: “consumers should be kept in the dark–oh, and we kick puppies too.”

In a State Senate meeting yesterday, the lobbyists claimed that the online reports would provide phishers with ammunition for more attacks (for example, emailing consumers the real link as well as a link to an attack site). After a year of posting breaches online, the state of New Hampshire has not seen any connection between the reports and phishing attacks. Breach compilation sites like Attrition.org have also not experienced phishing issues.

Aside from these contentious points, the legislation would tighten existing notification requirements. For example, companies that have password-protected computers are currently not required to report a breach; the new bill would make encryption the basis for this exemption instead.

Continue reading more here from CNet’s Chris Soghoian, who helped to spearhead the creation of this new bill.
