Proposed Changes To Data Security Laws
All staff should be aware of the potential updates and changes to current security regulations. Please note that disclosure of secure information, in any way, constitutes a breach, and a new bill imposes a 5-year mandatory prison term if a breach occurs and is not properly reported. This takes security, for all staff members, to a new level.
The definition of PII is being extended to include:
online usernames and passwords
unique biometric data such as fingerprints and retina or iris scans
physical and mental health data
private digital photographs and videos
The above list is in addition to the following current PII definition:
financial account numbers
debit/credit card numbers
Please note that, although “breach laws” have been proposed in the past and have failed to be enacted, security analysts and lawyers expect these bills to pass, in some form, as a result of the Equifax and Uber breaches. This is a very important topic, and if you have any questions or comments, please feel free to ask.
More information about these changes and the proposed law can be found at the following links:
Two Data Breach Bills Introduced in US Senate
H.R. 4081: Consumer Privacy Protection Act of 2017
Data Security and Breach Notification Act