New Law Focuses on Concealing Breaches

A new bill advanced in the U.S. Senate today would set a national minimum requirement for companies to notify affected consumers when they suffer data breaches.

The law, introduced by Democratic Sen. Patrick Leahy of Vermont, would override the widely varying data breach reporting mandates that now exist in almost all states, according to a report from Bloomberg News. Under the new law, any company that "intentionally or willfully" hides any aspects of a data breach from lawmakers or consumers could be hit with penalties that include fines and prison time of up to five years.

"The many recent and troubling data breaches in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country," Leahy said in a statement.

Leahy, who chairs the Senate Judiciary Committee, has introduced similar bills several times in the last six years, the report said.

Currently, only Alabama, Kentucky, New Mexico and South Dakota do not have state data breach notification requirements.