Firms Managing Databases Liable for Breaches Under Laws Being Considered by States, Congress

TAMPA, FL—August 22, 2014—A legislative survey by 360 Advanced P.A. shows the U.S. Congress and some states are considering legislation that would require organizations managing databases of personal information to put in place safeguards against hacking—or face significant fines after a breach. In its analysis of data assembled by the National Conference of State Legislatures and www.govtrack.us, 360 Advanced concluded that with ever-increasing numbers of data breaches, lawmakers are determined to hold accountable firms managing personal information.

“Our analysis of pending legislation requiring data security safeguards and stiff penalties for non-compliance sends a chill across an entire industry that is already moving swiftly toward voluntary compliance on numerous levels,” said Dan Collins, president of 360 Advanced, P.A., a national, multi-service, licensed Certified Public Accountant (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers. “It is one thing for state and federal legislators to strengthen data breach reporting requirements, which is indeed appropriate, but it’s another matter entirely when they consider legislation that would punish service providers for being hacked.”

In the U.S. Congress, three pending bills, S1976, S2378 and HR4711 all outline the responsibilities of personal information database service organizations to take precautions to protect personal data from being hacked, and provide for severe penalties of up to $5 million for failure to comply.

In the states, California, Florida, Iowa, Kentucky, Louisiana, Minnesota, and New Mexico are considering legislation mandating steps that must be taken to protect consumer information, with penalties for non-compliance, while 12 other states are toughening data breach reporting requirements. Visit http://www.ncsl.org/research/telecommunications-and-information-technology/overview-security-breaches.aspx for more information.

About 360 Advanced PA
360 Advanced’s services are provided, but not limited to, the following industries: Hosted and Managed IT, Data Center and Colocation, Software as a Service (SAAS), Security and, Development, Healthcare, Financial Services, Insurance, HR | Payroll | PEO, Legal and Collections, Bulk Mail Printing and Distribution, and Business Process Outsourcing. Services provided by 360 Advanced include SOC 1: SSAE 16 (SAS 70); SOC 2; SOC 3; PCI DSS, Experian E13PA; HIPAA Security/HITECH; ISO 27001, 2700; BITS shared Assessment; Microsoft Vendor Policy; Security Consulting.

Source: 360 Advanced PA.