Skip to content

Breach Notification Proposal Lacks Teeth

by Neal O'Farrell on May 17th, 2011

The Obama administration’s plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, critics say.

Obama’s proposal would trump existing state notification laws currently on the books in 46 states, the District of Columbia, Puerto Rico and the Virgin Islands. But the policy would not apply to U.S. healthcare organizations and their business associates that already must comply with the HITECH Act breach notification rule, which has requirements that are somewhat similar.

Yet, Neal O’Farrell, founder of the Identity Theft Council, a grassroots network that provides support for victims of identity theft, says the proposal, as written, won’t have much impact. “It’s very vague,” he says, and lacks any mandates for consumer education and support, as well as a way to classify breaches. [See Battling 'Breach Fatigue.'] Read the full story at

From → Uncategorized