Brandon C. Ge, Associate in the Health Care and Life Sciences practice, in the firm's Washington, DC, office, was quoted in E-Finance & Payments Law & Policy, in “Federal Breach Notification Standard Proposed in US.”
Following is an excerpt (see below to download the full article in PDF format):
“With varying requirements from state to state, businesses have to keep track of different deadlines, content requirements for notification letters, and a host of other provisions, which can be costly and time-consuming,” said Brandon Ge, Associate at Epstein Becker Green.
The proposed legislation would pre-empt state laws relating to notification of breaches of computerised data, although state laws would still be able to require that a breach notice included information relating to victim protection assistance that the state provides.
“The potential downside to a federal standard is that the proposed bill would supersede stronger state laws, and there are those who favour disclosures faster than 30 days,” explains Ge. “This can be remedied by making the federal standard merely a baseline and allowing states to establish stronger standards. However, this would water down the bill’s effectiveness in resolving the current fragmentation in data breach law.”