A national law should trump state rules, but current proposals aren't strong enough, company says
Recoiling from the idea of 50 different state privacy laws, Microsoft has come out in favor of a federal standard for personal data security.
Speaking to congressional staffers in Washington, a Microsoft vice president said that the bills currently being considered at the federal level actually don't do enough. They should set security standards for both physical and digital data, make the data transparent to consumers, and allow consumers to opt out of collection, he said.
A House committee is considering HR 4127, which would require reasonable security, plus notification in the event of data theft, but there is no mention of physical data or consumer oversight. The Senate is considering S 1789, which resembles the House version but with exemptions for those businesses already regulated by HIPAA or Gramm-Leach-Bliley.
There are currently data privacy laws in 20 states.
Source: IT Compliance Institute