Senator Feinstein’s proposed data breach notification law, the Data Breach Notification Act of 2011 (S. 1408), has been placed on the Senate Legislative Calendar under General Orders, Calendar No. 310. The bill, which I have criticized in both its past and current incarnations, is an incredibly weak bill that would provide little information to affected consumers, uses vague terms like “without unreasonable delay,” and allows the entity to decide not to notify based on its own risk assessment – although it would have to explain why and could be overruled by the government.
As the bill would pre-empt much stronger state data breach notification laws, this bill needs to be killed. Permanently. It was never a good bill and will never be a good bill.