The Computing Technology Industry Association (CompTIA) today announced that Dan Liutikas, its chief legal officer, testified before the U.S. House of Representatives Small Business Subcommittee on Commerce, Manufacturing and Trade on the need for national data breach notification reform. His testimony addressed how the current patchwork of conflicting state data breach notification requirements is creating a huge regulatory compliance burden on small and medium-sized businesses (SMBs) in the innovation-driven IT sector.
Liutikas serves on the Board of Directors of CompTIA and also leads various initiatives in developing legal and regulatory resources for the membership, collaborating on initiatives with the public advocacy group and bringing together the IT legal community to jointly focus on key industry initiatives.
In his testimony, Liutikas stated, “Today, there are 46 state data breach notification laws, including the District of Columbia, enacted across the country. This patchwork of state data breach notification (DBN) laws creates significant compliance obligations since no two state data breach laws are exactly the same. Moreover, many state DBNs are in conflict with each other.”
Liutikas stated that in an increasingly mobile economy these laws are becoming even more complicated to understand, because it is not always clear where a data breach actually occurred, which can be different from where the affected consumer resides.
He also emphasized that the creation of a national framework for data breach notification can go a long way toward promoting effective consumer notice, reducing costs and eliminating barriers to entry for SMB firms.
“A national framework for data breach notification can serve as an incentive toward the expansion of IT services across state lines. For instance, when an IT firm considers expanding its business across state lines it must take into account the state regulatory and compliance obligations of that state. A national framework for data breach notification would provide regulatory relief from the additional state data breach compliance obligations.”
Liutikas also recommends several principles to incorporate into a national data breach notification framework, which CompTIA believes would also receive broad industry support.