Skip Navigation

Targeted Senate Bill S-1408 Progresses

Bookmark and Share

The Senate Commerce Committee has approved a revised version of the draft of S-1408 that has even better disposal language than the original. Senate Commerce Committee now becomes the first Congressional Committee to act on security breach legislation; though it is holding off sending its bill to the Senate Floor until jurisdictional issues are worked out with the Senate Banking Committee.



(a) IN GENERAL. — A covered entity will develop, implement, maintain, and enforce a written program for the security of sensitive personal information the entity collects, maintains, sells, transfers, or disposes of, containing administrative, technical, and physical safeguards--

(1) to ensure the security and confidentiality of such data;

(2) to protect against any anticipated threats or hazards to the security or integrity of such data; and

(3) to protect against unauthorized access to, or use of, such data that could result in substantial harm to any individual.

(b) COMPLIANCE WITH FTC STANDARDS REQUIRED. — A covered entity that is in full compliance with the requirements of the Commission’s rules on Standards for Safeguarding Customer Information and Disposal of Consumer Report Information and Records is deemed to be in compliance with the requirements of subsection (a).


As you can read, disposal considerations must be part of the required security program and every business that collects personal information, including employee information, will be required to have a written security plan that defines its destruction procedures. The reference to the FTC's disposal rule makes clear what standards Congress expects.

This is the draft legislation which NAID promoted. It is a big improvement on the FACTA Disposal Rule and its chances of making it through the process are excellent.

Stay tuned to NAIDDirect™ for more updates.