Discusses patchwork of conflicting state data breach notification requirements and burden imposed on businesses; encourages national data breach notification reform
WASHINGTON, July 18, 2013 /PRNewswire-USNewswire/ -- The Computing Technology Industry Association (CompTIA) today announced that Dan Liutikas, its chief legal officer, testified before the U.S. House of Representatives Small Business Subcommittee on Commerce, Manufacturing and Trade on the need for national data breach notification reform and how the current patchwork of conflicting state data breach notification requirements is creating a huge regulatory compliance burden on small and medium-sized businesses (SMBs) in the innovation-driven IT sector.
Liutikas serves on the Board of Directors of CompTIA and also leads various initiatives in developing legal and regulatory resources for the membership, collaborating on initiatives with the public advocacy group and bringing together the IT legal community to jointly focus on key industry initiatives.
In his testimony, Liutikas stated, "Today, there are 46 state data breach notifications laws, including the District of Columbia, enacted across the country. This patchwork of state data breach notification (DBN laws) creates significant compliance obligations since no two state data breach laws are exactly the same. Moreover, many state DBN's are in conflict with each other."
Liutikas stated that with the increasingly mobile economy, these laws are getting even more complicated to understand since it is not always clear about the geographic boundaries of where a data breach may have actually occurred which can be different from where a consumer may actually reside.
He also emphasized that the creation of a national framework for data breach notification can go a long ways towards promoting effective consumer notice, reducing costs and eliminating barriers to entry for SMB firms.
"A national framework for data breach notification can serve as an incentive toward the expansion of IT services across state lines. For instance, when an IT firm considers expanding its business across state lines it must take into account the state regulatory and compliance obligations of that state. A national framework for data breach notification would provide regulatory relief from the additional state data breach compliance obligations."
Liutikas also recommends several principles to incorporate into a national data breach notification framework, which CompTIA believes would also receive broad industry support.
CompTIA is the voice of the world's information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. Visit http://www.comptia.org/home.aspx or follow CompTIA at http://www.facebook.com/CompTIA and twitter.com/comptia.