President Obama recently proposed a new set of rules dealing with how companies protect customer data in the wake of a breach. The United States currently has no standard dictating what should be done, but if these rules become law that could all change soon.
Called the Personal Data Notification and Protection Act, this law would create a set of rules for how companies handle personal information of customers and also make trading stolen person identity information illegal. One key part of the act would require companies to notify customers of a data breach within 30 days.
Previous bills regarding the handling of personal information have mostly been targeted at the government and this change of direction comes after a year of big name data breaches. Target and Home Depot both suffered big name attacks with data breaches increasing almost 30 percent in 2014.
There is concern, though, that this proposed law won’t go anywhere, and if it does that it will conflict with current state laws. 47 states currently have laws in place that require companies to notify customers of security breaches within a certain amount of time, though they range in aggressiveness. Additionally, between 2013 and 2014 six similar bills were proposed in Congress with none of them becoming laws.
With uncertainty over whether there will be federal changes to laws regarding data breaches, companies need to focus on fraud prevention. Consumer identity verification programs, like our IdentiFraud, can help companies prevent cyber criminals from accessing information. Driver’s license verification and dynamic KBA can also help your company, and your customers, feel safe.
[Contributed by EVS Marketing]