HB 1197 – Data Breach Bill

A message from local blogger Chris Soghoian on legislation in the Indiana statehouse:

11 Indiana State Senators will be voting on an important data breach bill next Tuesday (the 12th). This bill (which I helped to draft with my local state representative) will shed a significant spotlight on companies who lose or misplace sensitive consumer financial and other personal information.

The bill, HB 1197, sailed through the house a couple weeks ago, passing 94-0.

Read more about the bill here.

I drove up to Indianapolis on Tuesday to testify in front of a Senate committee, expecting to have just as easy a time. Unfortunately, there were about 10 lobbyists there representing such firms as AT&T, Comcast, Verizon and Microsoft who are doing everything possible to kill the bill.

It will be voted on at 9AM on Tuesday the 12th of February, and I’d like to do all that I possibly can to mobilize the blogosphere to pressure the State Senate to pass this bill – and to not gut the pro-consumer provisions in the bill.

I have written up a lengthy blog post on the subject here.

I would greatly appreciate it if you could write a brief post on your blogs, and link to it. Or, if you’re willing to, perhaps write your own more lengthy post on the subject. If you’re interested in calling your state senators, that would be fantastic too.

A few more details on the bill:

We all do business with companies. They know our names, addresses, financial and medical information, mothers maiden names, and social security numbers. This information, if gotten into the wrong hands, can be used to commit identity theft, which can ruin your credit, and make your life miserable.

Unfortunately, some companies do not do the best job in keeping this data safe: It is left unlocked on laptops – which are then lost, or stolen. Computers are not kept secure, and hackers break in, or sometimes upset employees steal the data to get revenge on their employer.

Companies have a duty to tell their customers when they lose our personal data. Indiana passed a law a couple years ago to do that, but unfortunately, it has a few loopholes, which can allow companies to avoid this requirement, or to do it in a way that can be difficult for consumers to find out about.
House Bill 1197 closes the loopholes in the law. It will require that any company that loses customer data tell the state attorney general, and will require that the attorney general post this information online. The info will mention how many Indiana consumers were impacted, what information was stolen, and steps that consumers can take to protect themselves. No personal info (i.e. people’s social security numbers) will be posted by the attorney general – it will be broad info, not on any one individual.

A number of companies have rallied their lobbyists to try and kill this bill. They do not want to have this information online, as it makes them look bad. Consumers should have a right to know what is happening – and by putting these reports onto the Internet, it will be easier for consumers to learn about the problems. It will also be much easier for the press to learn, and then publicize it.
For the last couple of years, New Hampshire has been doing this – and it’s been a huge success. No consumer has suffered as a result of these reports being online in New Hampshire.

Please act now, and stop Microsoft, AT&T and others from killing this bill. Consumers have a right to know when their data is misused or lost.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.