
Despite recently suffering massive data breaches themselves, representatives from Sony and Epsilon have thrown their support behind a new piece of legislation that would enact stricter, more sweeping data security measures, the Associated Press reports.
Under the proposed bill, companies affected by data breaches would be required to notify the individuals whom potentially had their personal information accessed or stolen. This legislation seeks to unify the 47 individual data breach notification laws currently in use throughout the country.
Speaking before a House Commerce subcommittee, executives from both companies stated their support for the new measure, the report stated.
"Laws – and common sense – provide for companies to investigate breaches, gather the facts, and then report data losses publicly," said Tim Schaaf, president of Sony Network Entertainment International.
While both the companies suffered huge data security failures, Sony's actions following the breach have been under intense scrutiny. Many have criticized the electronics giant for failing to notify affected individuals promptly of the breach, which may have exposed personal information of more than 100 million PlayStation Network account holders.
"In effect, Sony put the burden on consumers to search for information instead of providing it to them directly," said Representative Mary Bono Mack, chair of the Subcommittee on Commerce, Manufacturing and Trade. "That cannot happen again."
While the newly proposed bill is intended to simplify data breach notifications around the country, not all are as enthusiastic about the legislation as Sony and Epsilon. David McIntosh, partner of the law firm Ropes & Gray, recently asserted that the law is not comprehensive enough, according to an eWeek report.
Because the bill would change some of the rules about what constitutes personally identifiable information, more data breaches are likely to be reported. However, this does not mean more breaches have occurred. This may cause confusion and result in more penalties for companies that suffer breaches.
However, McIntosh did assent that the bill was, overall, an improvement.