The Data Accountability and Trust Act (H.R. 2221) was passed by the House on Tuesday. This act would require the Federal Trade Commission to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.
This bill would preempt any state laws in the area, wiping out the Massachusetts Data Privacy Law [Massachusetts Amends Its Strict Data Privacy Law (Yet, Again)].
I think it's a good thing to have a national standard in this area. The transient nature of personal data makes it hard to associate with a particular state. That means the most restrictive of the various state laws ends up becoming the national standard.
The downside is that we would have to wait for the FTC to draft the rules, go through the comment period and wait for implementation.
Of course, the Data Accountability and Trust Act is not the law yet. As I learned in Schoolhouse Rock, H.R. 2221 is singing:
I’m just a bill.
Yes, I’m only a bill.
And I’m sitting here on Capitol Hill.
Well, it’s a long, long journey
To the capital city.
It’s a long, long wait
While I’m sitting in committee,
But I know I’ll be a law someday
At least I hope and pray that I will,
But today I am still just a bill.