New Year, New Legislation:
States Move on Data protection, Direct Mail

As a new year begins, a number of states have already introduced legislation to protect personal data and restrict direct mail marketing. Data protection legislation has also been introduced in the Senate, and we expect more to come. Below is a summary of legislation already introduced this month.


Data Protection

In Virginia, Delegate Robert Brink of Arlington and Senator Janet Howell introduced data protection legislation requiring businesses to notify consumers if there is a security breach involving their personal information. However, as has become the standard in most state bills, this one also will not likely affect Kids in the Know because of the limited definition of ”personal information” [person’s first initial and last name in combination with a social security number, driver’s license number, or financial account information].

As he introduced the bill, Delegate Brink said, "Giving people the right to know if their personal information is lost or stolen may seem like common sense, but Virginia has not followed the lead of 34 other states in requiring this important notification.”

Michigan is among those 34 states, as Gov. Jennifer Granholm recently signed into law the “Identity Theft Protection Act,” effective July 2, 2007. Similarly, Arizona, Rhode Island, West Virginia, Washington, Texas, Oregon, New York, Montana, and Alaska have also introduced data notification legislation this month. None of these bills affect Kids in the Know because of their definition of personal information.


Direct Mail

This year states are also offering bills to restrict direct mail marketing. In Washington, legislators recently introduced legislation establishing a “do-not-mail” registry in which direct mail marketers would be restricted from sending mail to any consumer on the list more than 30 days after they sign up. In New York, Assemblyman David McDonough offered a similar bill establishing “do not mail/e-mail” statewide registry as he has done in previous sessions. However, his attempts in the past have not come to fruition, and we suspect the same result this year due to the high number and wide variety of organizations and businesses that oppose such legislation.


Federal Level

At the national level, Sen. Dianne Feinstein (D-CA) introduced the “Notification of Risk to Personal Data Act of 2007” this month in the Judiciary Committee. This bill would require Federal agencies and persons engaged in interstate commerce to disclose any breach of sensitive personally identifiable information. While the bill text is not yet available, we expect it will not directly impact Kids in the Know as similar bills introduced by Feinstein in the past have not. We also anticipate additional legislation to be introduced in Congress on this issue, and will continue to monitor and keep you posted.