There is a good chance federal legislation of some sort will address the issue of data security in 2006. But even if Congress doesn't get around to it, companies should expect to grapple with security and legal compliance at the state level, an expert told attendees at MBA's Legal Issues in Mortgage Technology Conference in San Diego in December.
Twenty-two states adopted data-breach notification laws dealing with identity theft and data security in 2005, but more than 200 state bills were introduced--so expect more to come in 2006, according to Marc Loewenthal, senior vice president of corporate affairs and chief privacy officer at New Century Financial Group, Irvine, California.
"This is clearly an area of the law that has gotten very hot, especially in light of recent [reported data-security] breaches," said Loewenthal. "As a result, it has gotten the attention of the states and the federal government."
In Congress, 21 federal bills were introduced in the House and Senate last year, including the Financial Data Protection Act of 2005, H.R. 3997. Some, but by no means all, of the proposed legislation would pre-empt data-security standards set by state law, noted Loewenthal.
Meanwhile, most of the state laws are modeled after California's S.B. 1386, enacted...