Last week industry experts testifying before the Senate Finance Committee said that stronger laws are necessary to protect consumers when security protecting their personal data is compromised. The hearings, chaired by Sen. Michael Oxley (R-Ohio), are investigating possible rule changes that would require companies to notify their customers in the event of a data breach. Sen. Diane Feinstein (D-Calif.) wants a notification requirement and a seven-year fraud alert included on consumer credit reports after any breach. Any tightening of regulations governing the data storage industry would probably seriously complicate life for healthcare companies, who already face privacy requirements imposed by HIPAA. Some critics are arguing that notification should only be required in situations where there is a clear risk to customers.
- see this story