COSTA MESA, Calif., June 23, 2015 /PRNewswire/ -- Experian Data Breach Resolution today released a white paper on the current state of data breach legislation that shapes how companies must prepare for and respond to a data breach. In the wake of several recent high-profile data breaches, the discussion around data breaches is heating up, and impending changes have companies waiting for how that will impact their incident response at the state, federal and global levels.
Currently, companies face a segmented system of state- and sector-specific data breach laws. At the same time, policymakers in the European Union (EU), Australia and Brazil are considering new approaches to data breach notification that could impact businesses that engage in global commerce.
"With data breach law debates continuing in Congress and among state regulators, we are likely to see shifts in the legal frameworks that companies must follow," said Michael Bruemmer, vice president, Experian Data Breach Resolution. "Organizations must ensure they understand and are meeting both the legal requirements and expectations of regulators to protect customers in the event of a data breach. Identifying subject matter experts such as outside legal counsel ahead of time is imperative to help businesses navigate the complex regulatory landscape."
Some of the highlights from the report, Government Focus on Cybersecurity Elevates Data Breach Legislation, include:
State patchwork becoming more complex
When a data breach occurs in the United States, businesses are guided by a patchwork of 49 existing laws in nearly every state, the District of Colombia and Puerto Rico. Adding to this complexity, state legislatures continue to modify their requirements to be stricter on the types of information that constitutes risk for identity theft. For example, Illinois currently is considering legislation that would take the definition of personal information beyond financial information and other key financial identifiers to less-sensitive data, such as marketing information.
Congress closer on federal breach rules
There are several bills active in Congress that are aimed at forging a national data breach standard. Lack of consensus on the specifics of the legislation previously contributed to delays; however, the subject is once again a top priority for lawmakers to discuss during the 114th Congress. Although some in the security community are opposed to a federal data breach notification standard, the possibility of federal legislation preempting state laws is garnering more support than ever before.
Global breach rules put international data loss in the spotlight
New global data breach policies are particularly complicated for companies operating at an international level. The EU is considering an expansive rewrite of the region's data protection law that would require 24-hour notification for all commercial sectors. Brazil introduced a new data protection proposal in February, and there are signs that the Australian government will renew a push to enact a data breach notification standard.
To access the complementary white paper, visit http://bit.ly/1GxgpRk.
Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach. Read the Experian Data Breach Resolution blog by visiting http://www.experian.com/dbblog.
About Experian Data Breach Resolution
Experian Data Breach Resolution, powered by the nation's largest credit bureau, is a leader in helping businesses prepare for a data breach and mitigate consumer risk following breach incidents. With more than a decade of experience, Experian Data Breach Resolution has successfully serviced some of the largest and highest-profile data breaches in history. The group offers swift and effective incident management, notification, call center support and fraud resolution services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian Data Breach Resolution received the Customer Service Team of the Year award from the American Business Awards. Experian Data Breach Resolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association, the American Health Lawyers Association, the Ponemon Institute RIM Council and InfraGuard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit http://www.experian.com/databreach and follow us on Twitter: @Experian_DBR.
We are the leading global information services company, providing data and analytical tools to our clients around the world. We help businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. We also help people to check their credit report and credit score, and protect against identity theft. In 2014, we were named by Forbes magazine as one of the "World's Most Innovative Companies."
We employ approximately 17,000 people in 39 countries and our corporate headquarters are in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2015, was US$4.8 billion.
Experian and the Experian marks used herein are trademarks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.