Execs Testify In Favor Of National Data-Security Law
Executives from Bank of America, ChoicePoint, and LexisNexis also explain what they're doing to protect customer data.
Executives from companies stung by losses or theft of customer information vowed Wednesday to do more to safeguard sensitive information and backed a federal law to require disclosure if customer data is compromised.
In prepared testimony for a hearing by the House Committee on Financial Services, executives from Bank of America, ChoicePoint, and LexisNexis supported legislation patterned after California's law requiring companies to notify customers about security breaches.
ChoicePoint Inc., the information broker whose disclosure of a security breach set off a furor over privacy and identity theft, favors existing laws such as the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act, as well as a "pre-emptive" national law for notifying consumers when a breach has occurred, said Don McGuffey, senior VP for data acquisition and strategy.
In March, ChoicePoint discontinued the sale of information products that contain sensitive consumer data, including Social Security and driver's license numbers, except where there's a specific consumer-driven transaction or benefit, or where the products support government and criminal-justice purposes.
Reed Elsevier plc's LexisNexis division, which last month said data on 310,000 individuals might have been compromised, supports a national reporting law, as well as increased penalties for ID theft and increased resources for law enforcement, said Kurt Sanford, president and CEO for U.S. corporate and federal government markets. The company has tightened its security procedures, such as truncating Social Security numbers displayed in nonpublic documents and limiting access to full Social Security and driver's license numbers to law-enforcement agencies, banks, and other legally-authorized entities, Sanford said.
Bank of America, which disclosed that backup tapes containing customer and account information for 1.2 million government charge-card holders were lost in transit, has implemented corporatewide package-delivery carrier services for backup tape transport, said Barbara Desoer, global technology, service, and fulfillment executive. The bank, she said, favors a "national approach to information security guidelines."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.