Following the Equifax data breach, Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, reintroduced the Personal Data Notification and Protection Act, which provides for a single national breach notification standard.
The bill requires that companies notify affected individuals within 30 days of the discovery of a breach of sensitive personal information and requires the Federal Trade Commission to help coordinate breach notification. Notification of the type of information stolen would need to be provided by mail, telephone or, in certain cases, email.
“This bill will replace the patchwork of 48 state breach notification laws with a single nationwide standard that would clarify and strengthen companies’ obligations to report intrusions that compromise consumers’ personal information,” said Langevin.
“There is much still to learn about the Equifax breach and its ramifications. What is abundantly clear, however, is that consumers are still not sure whether they were affected and what information was stolen. Equifax has done a terrible job communicating about the breach to date, and this legislation will ensure that any future such breach has a single standard and one federal regulator to help get actionable information to consumers quickly,” he added.