My younger readers probably won’t get the reference in the title of this post. If you’re that person, Google Mr. Smith Goes to Washington and learn about the classic 1939 movie starring the late, great Jimmy Stewart. Now on to my post…
Businesses like mine are the lifeblood of our national economy. They employ more than half of the country’s private sector workforce.
Internet & Telephone, LLC is proud to be part of the economy. We employ professionals with IT infrastructure expertise and contribute to our local economy through our work with regional and national employers to keep their businesses competitive by leveraging IT as a strategic asset. We also help our local communities through philanthropic activities and work closely with higher education to provide internship opportunities for students interested in exciting IT careers.
I am thrilled to join forces with fellow IT colleagues to advocates in Washington, D.C., on
February 14-15, to speak with Members of Congress about issues that are critical to the future of my business and the overall tech industry. The annual “Fly-ln” is organized by CompTlA to advocate on behalf of the tech community.
CompTlA, the Computing Technology Industry Association, represents technology companies of all sizes and is committed to expanding market opportunities and driving the competitiveness of the U.S. technology industry around the world.
Innovation is a key force behind a strong 21st century economy, and our leaders should prioritize issues that affect growing companies like Internet & Telephone, LLC.
While in Washington I will visit Senator Hassan‘s, Congresswoman Shea-Porter‘s, Congresswoman Kuster‘s, Senator Warren‘s and Senator Markey‘s office to advocate on tax reform, workforce development, cybersecurity, broadband communications and digital privacy – all are central to our industry. These legislative issues are key ingredients for helping technology firms like mine to become more competitive.
I am particularly looking forward to discussing with my elected officials the importance of:
Data Breach Notification
There is currently no national standard for how a company must notify its customers in the wake of a data breach. Instead, companies must navigate a complex web of 47 different, often conflicting, regularly changing state data breach notification laws in the aftermath of a breach. With the increasingly mobile and decentralized nature of our economy, data storage and dissemination technologies, it can be nearly impossible for companies to determine which state laws apply when a breach occurs. The current regulatory landscape not only places an immense financial compliance burden on businesses, but also delays the process of getting information into the hands of those who need it most: the customers whose data was compromised.
WHAT CompTlA SUPPORTS:
A national standard for data breach notification would provide consumers and businesses
with consistency and predictability on how consumer notice must be provided. Until
Congress passes a national standard, CompTlA and its membership continue to advocate
for the following in breach notice bills:
• “Harm” Trigger for Acquired Data: The notification requirement should be triggered when there is a real risk of actual harm, not a theoretical concept that could lead to over-notification about data breaches that aren’t harmful.
• No Private Right of Action: Individuals should not be able to sue companies who have suffered a data breach for actions covered by federal data security and data breach notification laws. The businesses who have suffered breaches are victims of criminal activity.
• Narrow Definition of “Personal Information”: To avoid over notification of consumers and unnecessary costs, the definition of “personal information” in the legislation should not include information accessible through public records. For example, merely the combination of a name, address and birthday should not qualify as personal information.
• Preemption of State Laws: Any federal data security and data breach notification law should preempt State laws and requirements. Without strong preemption language, the compliance burden for small businesses will not be alleviated and the effectiveness of any law would be significantly undermined.
• Exemption for use of Technology that Renders Data Unusable or Unreadable: Federal legislation should include an exemption from notification requirements for companies
who utilize technologies to render data unusable or unreadable. This exemption should
• Limits on Financial Penalties: Massive financial penalties are unwarranted, and could force small businesses out of existence. Penalties should be reasonable, and should take into account the size of the company that suffered the breach and the type of data that was accessed.
• No Fixed Data Security Requirements: Data security requirements should not be specifically enumerated within the legislation. Instead, the legislation should direct the government to work with industry to develop a set of flexible “best practices.”
• No Over-Burdensome Notification Requirements: Data breach notification legislation
should avoid overly prescriptive notification requirements. In the event of a breach, companies should dedicate their resources to efforts that most directly notify and protect consumers. Additional requirements, such as those mandating the creation of call centers or the provision of credit reports, would divert resources away from small businesses seeking to protect and inform their customers.
• Reasonable Notification Timeframe: Legislation should require a reasonable timeframe for notification, which includes allowances for risk assessment without requiring a specific time limit that must apply to every case.
• Take Other Laws into Account: Companies that are subject to other data security and/or
breach notification laws, such as HIPAA, Gramm-Leach-Bliley or the Fair Credit Reporting Act, should be exempt from these requirements.