California was the first state to come out with comprehensive legislation that required companies to implement adequate safeguards to protect the privacy and security of information collected for business purposes. Termed SB 1386, it heralded a new era in compliance and assurance legislation - and today, 18 US states have passed privacy and security laws in some form or other.

The Personal Data Privacy and Security (PDPSA) bill applies to any business “engaging in interstate commerce that involves collecting, accessing, transmitting, using, storing, or disposing of personally identifiable information in electronic or digital form on 10,000 or more U.S. persons.”

It is really aimed at codifying a federal bill in response to over 18 state data protection laws incorporating breach notification, many of which are modeled after California’s SB 1386.

A 91-page bipartisan bill, “The Personal Data Privacy and Security Act of 2005” (PDPSA), cosponsored by Senators Patrick Leahy and Arlen Specter, is currently in front of Congress. It is designed “to prevent and mitigate identity theft; to ensure privacy; and to enhance criminal penalties, law enforcement assistance, and other protections.”

Watch this space for further details.

It certainly seems like things are tightening up as awareness of privacy and security grows at the consumer level.

Expect companies to face stiff penalties for non-compliance and executive officers to be held individually and severally liable - this will force most medium to large companies in the B2C space to take proactive measures to secure their databases, Internet-facing applications and consumer interfaces.

Do send us your comments,

RiOn