The Identity Theft Protection Act (S.B. 1408), co-sponsored by Senate Commerce Committee Chairman Ted Stevens (R-Alaska) and Hawaiian Democrat Daniel Inouye, the ranking member of the Commerce Committee, requires companies, government agencies and educational institutions to disclose to consumers breaches of both encrypted and unencrypted data and imposes fines of up to $11 million for violators.
"The fear out there is real and is something we must deal with as quickly as possible," said Stevens at a Washington press conference yesterday. He plans to have a full committee mark-up session on the legislation next Thursday morning.
Under the bill's language, organizations that hold sensitive personal information will be required to secure it with physical and technological safeguards that will be specified by the Federal Trade Commission (FTC).
And if sensitive personal data -- encrypted or unencrypted -- that could be used for identity theft is lost or otherwise breached, the bill states the holder of that information is required to notify the consumers affected within 90 days of the breach.
The legislation also requires that the FTC be notified of any breach involving more than 1,000 individuals.
"With the problem of identity theft reaching epidemic proportions, a bill designed to protect Americans is absolutely essential," Stevens said. "I look forward to continuing to work with my colleagues on legislation that will mitigate to the greatest extent possible the occurrence of identity theft in this country, but without inhibiting an information-sharing system that yields extraordinary benefits to every American."
In the wake of highly publicized data breaches this year, Democratic Senators Dianne Feinstein of California and Charles Schumer of New York introduced identity-theft bills, but neither piece of legislation has even had a hearing yet. Both Democratic bills encountered opposition from the technology industry, which thinks encrypted data represents a good-faith standard that should preempt disclosure to consumers.
This article was first published on internetnews.com.