Experian Data Breach Resolution releases white paper with analysis on data breach laws

Report provides insight into the current regulatory framework around data breach notification and what to expect going forward

May 21, 2014, 06:00 ET from Experian

COSTA MESA, Calif., May 21, 2014 /PRNewswire/ -- Preparing a data breach response plan must include a review of the different state and federal laws at play to establish the proper framework for addressing notification and other requirements. Experian Data Breach Resolution released a white paper today, "Policymakers Review Focus on Data Breach Laws," analyzing the current legislative and regulatory landscape around data breaches.

Legislation to establish a national data security and breach standard remains undefined, sustaining uncertainty as to whether a national, preemptive law will be enacted. Despite the lack of a national standard, 47 states have enacted data breach notification laws, and the attorneys general and the Federal Trade Commission (FTC) have established a regulatory threshold through enforcement actions. Together, these comprise the law of the land, and both the attorneys general and the FTC are taking action to ensure compliance. 

"You don't want to learn the current patchwork of federal and state data breach laws while in the midst of a breach," said Michael Bruemmer, vice president, Experian Data Breach Resolution. "Having the right group of experts, including outside privacy counsel, identified ahead of time will significantly improve a company's ability to respond in a way that meets regulatory requirements and keeps the focus on assisting the affected population."

In examining the current landscape, key topics addressed in the paper include:

Continued FTC action
Since 2001, the FTC has brought more than 50 cases that accused businesses of failing to protect consumers' personal information. In the settlements that the FTC has reached with companies in cases involving data breaches, the entities are required to implement a comprehensive information security program and undergo evaluation every two years by a certified third party. It is expected that the FTC will continue to take enforcement actions against companies that experience large breaches of consumer information.

Federal focus on new data breach laws  
While previously introduced bills have failed to garner enough support to be signed into laws, new legislation is being introduced within 2014 and is pending consensus.

Global policy trend in data breach notification
Following the European Union's (EU) update to data breach requirements in 2013, the EU is considering expanding the 24-hour notification requirement. Australia and countries in Latin America — including Mexico, Costa Rica and Colombia — are also considering data breach notification requirements.

To access the full complimentary white paper, visit http://bit.ly/Experian2014LegislativeOutlook.

Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach.

Read the Experian Data Breach Resolution blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution
Experian Data Breach Resolution, powered by the nation's largest credit bureau, is a leader in helping businesses plan for and mitigate consumer risk following data breach incidents. With more than a decade of experience, Experian Data Breach Resolution has successfully serviced some of the largest and highest-profile breaches in history. The Group offers swift and effective incident management, notification, call center support and fraud resolution services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian Data Breach Resolution received the "Customer Service Team of the Year" award from the American Business Awards. Experian Data Breach Resolution is active with the International Association of Privacy Professionals, Health Care Compliance Association, American Health Lawyers Association, Ponemon Institute RIM Council, InfraGuard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit www.experian.com/databreach and follow us on Twitter @Experian_DBR.

About Experian
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2014 was US$4.8 billion. Experian employs approximately 16,000 people in 39 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and Sao Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Experian and the Experian marks used herein are trademarks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.


Joel Rushing
1 206 268 2251

Sandra A. Bernardo, APR
Experian Data Breach Resolution
1 949 567 3676

Photo - http://photos.prnewswire.com/prnh/20140519/89044

Logo - http://photos.prnewswire.com/prnh/20130131/LA51658LOGO

SOURCE Experian