Jun 072011
 June 7, 2011  Posted by  Breaches, Laws

Senator Leahy has introduced the  Personal Data Privacy and Security Act of 2011.  I haven’t had time to read it yet, but just skimming it, I some good provisions in there, but I also see two immediate concerns:

1. It appears to apply only to electronic data (not paper records), and

2. The definition of “security breach” includes a clause “and which present a significant risk of  harm or fraud to any individual.”  So it’s not a security breach for purposes of this bill  if there’s no significant risk of harm or fraud.

Haven’t yet gotten to how that risk is determined to be “significant.”

More on this one later this week….


Sorry, the comment form is closed at this time.