Will a Federal Data Security and Breach Notification Act finally get passed?

By: Lisa Marlin

December 4, 2017

On Thursday, three Democratic Senators re-introduced a Data Security and Breach Notification Act, a measure that has failed to get legislative approval since 2015. The revised Senate Bill is gaining traction due to the serious information breaches of this past year, especially those where the companies at fault did not promptly notify consumers. Two such examples are Equifax, whose breach affected 145 million people, and Uber, where 57 million customers had personal data stolen.

The new Bill will add potential jail time for executives willfully covering up certain types of breaches and require companies to report data breaches within 30 days. It took Equifax six weeks to make a public announcement while Uber waited more than a year to disclose its massive data breach. This Bill will also potentially create a Federal Standard that may replace a patchwork of State laws.

“This Bill does NOT replace HIPAA, but extends HIPAA-like Breach Notification requirements to businesses and organizations maintaining consumer and personally identifiable data,” said David Ginsberg, President of PrivaPlan Associates, who adds that it borrows the HIPAA term “Covered Entity.”

The legislation was introduced by Florida Senator Bill Nelson and co-sponsored by Senator Richard Blumenthal of Connecticut and Wisconsin Senator Tammy Baldwin. “We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Nelson said in a statement to CNN Money.

It is too early to know the outcome of this newly introduced legislation. But it’s not too early to make sure your data is protected. Let us help. Contact our HIPAA experts at or call 877-218-7707.