U.S. Congress Struggle For Consensus On Data Breach Reporting

They may not be the only ones given data breaches are increasing over here in the U.K. too; so will we follow suit?

There is no doubt that cyber-security is one of the top concerns for the developed world. In an age where almost everything is digitalised and connected to the internet, cybercriminals have the power to bankrupt a multi-billion dollar business enterprise, collapse global organisations and even cause untold chaos to governments.

Legislative governments across the world are having to vote in new laws and regulations to defend against cybercrime. Now, the U.S. Congress are coming up with all sorts of ideas on how best to combat cybercrime, including the best procedures for reporting data breaches.

Reporting data breaches is absolutely crucial for cybersecurity. Like reporting a crime to the police, only knowledge of the crime can instigate investigations to identify the perpetrators, vulnerabilities and how to prevent the crime from recurring.

In the U.S, uniform data breach reporting across the whole nation appears highly unlikely. Vice president and account executive of global tech and privacy at Lockton Cos, Michael Born, said “everybody has an idea” on cybersecurity, but none of them will be agreed across all 48 states, and it’s therefore likely that each state will come up with its own rules. One idea was that cybercrime victims who get hacked should be able to hack their hacker in return!

A big obstacle

This is a big obstacle in American legislation as the nation is made up of very diverse states. Whilst it might be easier for states to enforce the rules they want, for multi-state or even global businesses and organisations, universal enforcement may restrict the services they provide. This in turn can have a knock-on effect on the individual as an innocent party.

When might it happen?

Cyber-crime is a relatively new phenomenon, so it’s likely it will be many more years before legislation catches up to allow for the most effective method of data breach reporting to be agreed upon. Here in the U.K, our independent Information Commissioner’s Office (ICO) is tasked with the role of monitoring and enforcing the Data Protection Act. During its investigations, the ICO takes into account several factors if a data breach has been found:

The type of information
The method of breach
The data controller’s security systems
How long a delay there was between the date of breach and date of knowledge by the data handler
How long a delay there was between the data controller knowing about the breach and the data owner being informed the breach that may affect them
Steps taken by the data controller to mitigate harm and loss to the data owner

Some service providers must notify the ICO within 24 hours of knowing about the breach of personal data. For most organisations, reporting a data breach to the authorities and coming clean to their consumers early on is much better than delaying it, and research has shown that many affected victims welcome early notification.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.