In January 13 and 14, 2015, Law360 articles, Shook, Hardy & Bacon Data Security & Privacy Practice co-chair Al Saikali discusses the Obama administration's proposals that aim to standardize the legally mandated response to data breaches.
Under the current framework, national companies must comply with a patchwork of 47 differing state statutes in the event of a breach in data security; a single federal law might simplify company compliance. "These are all good ideas, but the devil will be in the details, and for now, these announcements have only created more questions than answers," Saikali warned.
Following the January 13 release of the full text of the proposed legislation, the Personal Data Notification and Protection Act, Saikali expressed concern with the idea of a federal standard. "I think consumers will lose if federal legislation is passed in the area of breach notification because right now most companies are complying with the most stringent standards in an effort to ensure compliance everywhere," he told Law360. "Chances are, particularly given the new pro-business makeup of Congress, the federal legislation will be less stringent than the most stringent state laws."