October 11, 2021
Media coverage continues following Kelley Drye counsel Jessica Rich’s
testimony before the full Senate Commerce, Science, and Transportation Committee. The Committee is discussing the need for a federal data security standard.
Rich recommended a standard that’s scalable to different types and sizes of companies and the volume and sensitivity of the data they collect. Otherwise the law could impose requirements ill-suited and unattainable for small business, she said. Rich also supported data minimization incentives or requirements. Rich said to ensure accountability and deterrence, the data security standard should authorize strong remedies such as civil penalties and redress to businesses that fail to meet the data security standard.
"Most of the FTC's data security efforts are based on the FTC Act, a law that leaves wide gaps in protection and doesn't authorize penalties for first-time violations," Rich said. "While there are sector-specific laws with a data security component, and half the states now have their own data security laws, it's a messy and confusing patchwork."
Read the SearchSecurity
Read the Bollyinside