Michael Bloom

This Note argues that current law is inadequate to protect consumers in light of the prevalence and severity of data breaches in recent years, and that unifying federal legislation combining portions of state law and the DSBNA should be enacted. Part I of this Note analyzes the DSBNA's notification requirements when data breaches occur, its requirements for the implementation of security policies, its regulatory mechanisms for monitoring compliance with these requirements, and its criminal penalties for failing to comply. Part II summarizes the various state laws that exist for notification of data breaches. Part III proposes a model federal statute that combines aspects of the DSBNA with current state law. Specifically, Part III argues that a preemption provision is important for creating a unified federal standard, but that the provision should create exceptions for robust protections that consumers already enjoy under state law. It also argues for the inclusion of a private right of action for consumers, the removal of a reasonable risk of harm analysis, and a provision that mandates cyber risk insurance for certain covered entities.


