Proposed legislation would allow companies to keep some data breaches secret
Image from Shutterstock.
Proposed federal legislation would sometimes allow companies to keep quiet when hackers access their computer systems.
The proposed law would require quick disclosure by companies if there is a risk of serious identity theft or fraud, the Wall Street Journal’s Risk & Compliance Journal (sub. req.). But there would be no need for disclosure when company officials believe there is no reasonable chance that customers will be harmed.
The law would trump state disclosure laws, according to Baker & Hostetler privacy lawyer Gerald Ferguson. The proposed law gives companies discretion and “would lead to less notifications,” he told the Risk & Compliance Journal.