Home Tell a Friend! Contact ICFE Link Exchange Search ICFE Subscribe ICFE About the ICFE
ICFE News Releases ICFE in the News Children and Money Financial Education Personal Financial Counseling with Paul S. Richard, RFC Credit Card Tips Credit File Correction Mending Spending Links and Resources Order Options

ICFE eNEWS #16-27 - August 17th 2016

Is It Time For a National Data Breach Notification Law?

By Yan Ross, Director of Special Projects, ICFE

Since 2003, when California adopted the first data breach notification law, nearly all the rest of the States and similar jurisdictions have enacted some form of legal requirement for an organization that suffers a data breach to take certain actions to notify the affected parties and mitigate potential damage.

Over the years, California has amended its law several times to clarify and make more precise the terms and conditions of the requirements. Other States have adopted a variety of different conditions, and in general it's fair to say that a quilted pattern exists across the country.

As an organization may operate under a corporate charter issued in one jurisdiction, locate its headquarters in another, conduct business in many States, and deal with customers, employees, vendors, and business associates in still others, this lack of consistency can and often does result in duplicative and conflicting standards and practices.

It's a natural and predictable situation to seek consistency, either in the form of a model or uniform law to be adopted by the various jurisdictions, or by enactment of a federal law and regulation structure to standardize the existing conflicting and confusing arrangement.

To be sure, there are various federal laws already in place that subject the covered organizations to specific requirements in the event of a data breach. Examples among them are financial institutions, educational institutions, and healthcare providers. Beyond their explicit requirements, in most cases they do not supersede or pre-empt State laws. This can cut both ways: pre-emption may broaden the net of compliance and enforcement, but may also restrict application or exempt entirely certain types of organizations or data breach incidents.

Beyond notification requirements, the standard of remediation remains at a relatively low level. In most cases, the breached organization offers the consumer a year or two year of credit report monitoring, with some measure of assistance provided by an identity theft service company in the event of an actual problem arising. However, statistically, some 50% of all reported cases of identity theft are of a nature that do not show up in a credit report. The most vulnerable of these, with the greatest potential damage, is currently medical identity theft; unless the damage includes a claim for non-payment for medical services, such coverage won't help.

Here's an important note for consumers who receive notification of a data breach and are offered a monitoring and remediation service: be sure to enroll in the service promptly. In the event there is an event of identity theft, and the consumer has not enrolled, that failure to enroll may result in a waiver of any claims against the breached organization.

In early 2015, the "Data Security Act of 2015" was introduced in counterpart versions in both houses of the U. S. Congress. By late 2015, the bill had been considered by the relevant committees of both the House of Representatives and Senate, but as of this time has not reached the floor of either body. At this late date, the chances of enactment before the end of this term of Congress are relatively low.

For the moment, it does not appear that there will be action in 2016 by the federal government to enact any new national breach notification law. But rest assured the subject will come up next year with the new 115th Congress. Either way it comes out, this year's result does not obviate the need for consideration and decision to pass a law to deal with this important subject.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Yan Ross Bio PhotoYan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

Paul S Richard PhotoICFE eNEWS is available FREE upon request by visiting our Web site and filling out the contact form, and selecting "Yes" for "Add to Mailing List. Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

About the ICFE:

The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation).  The ICFE is dedicated to helping consumers of all ages to improve their spending, increase savings and use credit more wisely. 
The ICFE is an award winning, nonprofit, consumer education organization that has helped millions of people through its education programs and Resources. It publishes the Do-It-Yourself Credit File correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves world wide.

The ICFE became an official partner with the Department of Defense/Financial Readiness Campaign in June of 2004.The ICFE was an active partner in the California Student Debt Resource Awareness Project (CASDRAP) which resulted in a new web site: (studentdebthelp.org).  CASDRAP disbanded in 2010, shortly after the web site project was completed.  In 2011 the ICFE assumed the single sponsorship of the (studentdebthelp.org) web site and is now responsible for its content and operation.

The ICFE is also an on-line help for consumers who spend too much.  ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.

Visit the ICFE's other web sites at: www.financial-education-icfe.org and studentdebthelp.org.  Both sites helps consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending-plan and also how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G,  a free eNews, and an online resource center for students, parents and educators, plus financial education learning tools and a book store.

Home ] ICFE News Releases ] ICFE in the News ] Children and Money ] Financial Education ] Resource Center ] Credit Card Tips ][ Credit File Correction ] Mending Spending ] Links and Resources ]  [ Online Store ]


Copyright ©  1997 - by Paul S. Richard
and the Institute of Consumer Financial Education, All Rights Reserved.
View our
Privacy Policy Our Terms and Conditions

Institute of Consumer Financial Education
PO Box 34070
San Diego, Ca 92163
Paul S. Richard, Executive Director
Phone 619-239-1401

FAX 619-923-3284

Questions for www.financial-education-icfe.org Click to go to Website Contact Us or 
Website Design Donated by Desgn School Programs

Please Tell An Associate, Friend or Family Member About the ICFE