Facebook CEO Mark Zuckerberg testified before Congress last month regarding Cambridge Analytica’s unauthorized use of data of an estimated 87 million Facebook users to profile and target voters during the 2016 U.S. presidential election. During questioning, Senator Amy Klobuchar of Minnesota asked whether Zuckerberg would support a rule requiring Facebook to notify its users of a data breach within 72 hours, and Zuckerberg suggested that he would. Thereafter, on April 23, Senators Klobuchar and John Kennedy of Louisiana introduced the “Social Media Privacy Protection and Consumer Rights Act of 2018” (S. 2728), which would require “covered online platforms,” including public-facing websites, web applications, mobile applications, and email services, to provide notice of a data breach to affected users within 72 hours of learning that personal data about the users was inappropriately transmitted.

Amidst the patchwork of competing state laws and sector-specific federal standards, support has been growing for a preemptive federal standard for notification following a cybersecurity incident involving the exposure of personal information. Currently, notification following a breach is governed by 50 different state laws, as well as sector-specific standards such as the Gramm-Leach-Bliley Act (applicable to the financial services industry) and the Health Insurance Portability and Accountability Act (applicable to personal health care information). These laws vary widely with respect to the requirements they impose on covered entities, including the categories of compromised data and types of compromise that trigger a notice requirement, the time frame within which notice must be provided, and the information that must be included in any notice.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]