A series of high profile data breaches including those of Target, Sony, Anthem, AshleyMadison.com and the federal Office of Personnel Management have created a Congressional push to establish a federal data breach standard. A number of data breach notification bills have been introduced in Congress this session and provide varying levels of protection for consumers. CDT would prefer to see strong baseline consumer privacy legislation passed that includes provisions for data breach response, as opposed to a law focusing only on breach. However, if a data-breach-specific law is passed it should give consumers equally as much if not more protection than existing federal and state laws.
Earlier this year we outlined elements that should be included in data breach legislation. The following chart compares four proposals for federal data breach legislation on the basis of these elements (as of September 10, 2015).