The Data Security and Breach Notification Act of 2012 would set a national standard for data breach notification. It would trump a system in which 46 states, Washington, D.C., Puerto Rico and the Virgin Islands all have different laws. The bill requires companies to take “reasonable measures” to protect data. But security experts are less enthused about the specifics in the bill regarding the protection of data and the lack of a specific deadline for notification. The law doesn’t even specify a deadline.”]
Source: https://www.csoonline.com/article/2131906/data-breach-bill-leaves-lots-of-wiggle-room.html