Provides for notification to the commissioner of insurance of breaches of data security in systems containing certain personal information relating to consumers. (8/1/16)
The provisions of SB103 aim to enhance the robustness of data protection by enforcing a strict notification system when breaches occur. This could significantly impact state laws concerning data privacy, compelling regulated entities to adopt more vigilant data management and security practices. The enhanced reporting requirements may foster accountability and transparency regarding data breaches, thus potentially benefiting consumers by increasing trust in how companies manage their personal information.
Senate Bill 103 (SB103) focuses on establishing protocols for notifying the commissioner of insurance regarding data breaches involving personal and protected health information. The bill mandates that any individual or entity regulated by the Department of Insurance must inform the commissioner within ten days of discovering a security breach within any data processing system containing such information. This applies not only to their own systems but also to breaches from third-party service providers, regardless of whether the personal data was actually compromised. Each report must describe the incident and update the commissioner on subsequent developments.
The general sentiment surrounding SB103 appears to be largely supportive among consumer advocacy groups who see it as a necessary step toward better consumer protection in the face of rising data breaches. However, there are concerns among some industry representatives regarding the increased regulatory burden and the potential for significant fines for noncompliance. This could lead to fears of overreach in regulation, especially if the penalties for breaches seem excessively punitive.
Notable points of contention revolve around the bill's provisions on reporting and compliance. Critics argue that the requirement to report every breach, regardless of its significance, could lead to a climate of fear among businesses and might overwhelm the regulatory infrastructure. Additionally, there are discussions about the balance between necessary reporting and the implications for law enforcement investigations, as the bill allows for delays in notifications if they are deemed to hinder ongoing investigations.