Advocates for legislation that would clarify how and when organizations must notify customers of a data breach are using the recent Yahoo hack of 500 million user accounts to support their efforts. There are data breach notification laws, all slightly different, in force in 47 states, while Congress has been working on a national data breach law for almost a decade.
There are a handful of cybersecurity bills currently circulating in the House and Senate. Data breach legislation is thought to be the next “frontier” for Congress, according to a recent article in The Hill.
Senator John Thune (R-S.D.), chairman of the Commerce Committee, supports such legislation and explained, “We haven’t hit that sweet spot quite yet, but we’re close. I’m hoping this revelation about Yahoo will provide the needed impetus to get across the finish line.” The slow progress likely has a number of causes: primarily the gridlock Congress faces in general, but also the differing interests of the financial, retail, health and other sectors.
Additionally, many experts fear that strict reporting laws could interfere with ongoing data breach investigations. Nonetheless, the fact that the Yahoo breach remained under wraps for more than two years could mobilize the public and unite Congress to push for a clearer and stricter universal data breach notification law.