On June 20, six Republican Senators and an Independent (Toomey, King, Thune, Heller, Blunt, Rubio, Coats) introduced the Data Security and Breach Notification Act of 2013. (S. 1193)
Data breach notification laws in 46 states and the District of Columbia would be preempted under the legislation. The bill would require covered entities to take “reasonable measures” to protect and secure data in electronic form containing “personal information.” In the event unencrypted, non-anonymized and non-public data is compromised or the covered entity reasonably believes the data has been accessed and acquired by an unauthorized person and the covered entity reasonably believes such access and acquisition has caused or will cause identity theft or other actual financial harm, then the covered entity must provide notification to the individuals affected.
NAR supports a single federal standard for data security and breach notification and will work to craft legislation that is narrowly tailored to reduce compliance burdens, especially for small businesses.