Skip Navigation

NAID applauds call for national breach notification in U.S.

8 May 2014

While NAID leaders continue to gear up for an aggressive state-level campaign to create or improve data destruction laws, they applaud the recommendation from the Obama administration to create a national data breach notification.

NAID leadership has long maintained that the national health care breach notification provisions of the Health Information Technology for Clinical and Economic Health (HITECH) Act would pave the way for a general breach notification. Further, opposition from large financial institutions, which have stalled national notification initiatives, is now waning in favor of a more consistent national law. Privacy advocates worry, however, they will also use the national notification law to lower the related liabilities. Some experts believe this would not be the case if the HITECH model is used. Health data breach notification at the national level is currently more onerous than the state laws.

Whether it is breach notification or, down the road, a national data destruction law, consumers and the secure data destruction industry would be served better by a national law. As it stands, states are growing reluctant to enforce their laws since such enforcement is often seen as detrimental to economic development. They fear businesses will stay away from states where the data protection laws are heavily enforced. With a nationwide law and enforcement, such parochial state-level concerns will not be an issue.

As for the NAID campaign to promote better destruction laws in the states, members will soon be able to access a whitepaper, and other supporting documents, that they can then use to get the attention of their state legislators. NAID will also be looking for state-level coordinators from among its members to help. NAID is also seeking exposure in the National Association of Attorneys General (NAAG) and the National Governors Association (NGA).