The Business Of Law

Kim Atkins over at Lawyers USA recently had a nice piece (subscription required) on the data security bills working their way through the U.S. House and Senate.  Certainly law firms who often deal with confidential personal information and who are increasingly collecting that information online, will need to be aware of the provisions that will likely be included in a compromise bill.  In the meantime states are not waiting on the federal government to act.  For example,  Massachusetts’ data privacy security act, considered one of the strictest in the nation, goes into effect March 1.

In the House, the Data Accountability and Trust Act, H.R. 2221, would require any person or business that acquires online personal information, or has a third party maintaining such data, to have information security practices to protect the data.

According to Atkins:

All covered individuals would be required to put into place a security policy for collecting, selling and maintaining the information, designate a contact person responsible for managing the information and create a plan to address system vulnerabilities.

Violations of the law could carry fines up to $5 million per offense.

The Senate bill, the Personal Data Privacy and Security Act, S. 1490, would require people who buy and sell data to implement similar data privacy and security programs.

Having witnessed too many high profiles examples of lax cybersecurity, the Congress appears to mean business.