Obama’s Data Breach Proposal Seeks to Arrive at a Single Breach Notification Rubric


On January 12, 2015, President Obama introduced the Personal Data Notification & Protection Act to preempt state data breach notification laws.  Presently, some 47 states have enacted data breach notification statutes which call upon firms whose data has been hacked or breached to give notice to those whose PII may be affected or compromised.  The administration’s legislation would preempt all of those state statutes, so that firms do not have to adhere to fifty different sets of requirements, imposing instead a single federal notice requirement.  The proposed legislation does not appear likely to impose or change the standards for liability for data breaches.  A more comprehensive article on the proposed legislation is available here.