The House introduced H.R. 4791 this week (these things have a way of cascading into the private sector, so it’s good to watch what they’re up to). Some “highlights” include:
- expands the definition of PII
- formalizes data breach/loss reporting requirements
- mandates encryption and/or obfuscation of records containing PII data
- requires keeping an accurate & current list of systems with PII data at rest or in transit
- outlines notification requirements
- forces protection on mobile devices
- ensures remediation plans are followed when gaps are identified
- *requires a yearly PII audit*
- extends the requirements to contractors that host or process PII data for the government
- establishes many, many rules with data brokers

If made into law and applied to private companies, this could generate a slew of additional work for anyone who isn’t already doing all they can to protect our personal information.