Software // Information Management
12:57 PM

National Data Breach Notification Debate Heats Up

The Cyber Security Industry Alliance and others are urging Congress to adopt a national standard for consumer protection and notification.

The push for a national data breach notification is heating up.

With more than 160 million data breaches since 2005, legislatures in 35 states have passed laws requiring businesses and government agencies to notify consumers if their personal information has been compromised due to a security breach. Identity theft accounted for a greater percentage (36%) of the 674,354 complaints to the Federal Trade Commission from January 1, through December 31, 2006.

As a result, the Cyber Security Industry Alliance this week urged adoption of national standard for consumer protection and notification.

"CSIA strongly urges Congress to pass legislation establishing a consistent national law for all holders of sensitive personal information that will require organizations to safeguard data and establish uniform notification requirements when a security breach presents a risk of harm to consumers," the group stated in a brief released on its Web site.

Local, state and federal governments are responsible for 25% of all data breaches, according to the recommendation.

Entrust Chairman, President and CEO Bill Conner, agrees that federal lawmakers should adopt CSIA's standards.

"In order to truly take an important step to increase national security in the U.S., Congress needs to pass a national data breach law that emphasizes encryption and promotes higher security standards," he said in a prepared statement. "With millions of personal records being compromised in the last year alone, the government needs to continue to move quickly to mandate a national data breach notification bill with appropriate security measures -- like encryption and stronger authentication -- that truly protects the consumer's information.

Connor said sensitive information is threatened daily, data breaches affect all Americans, and security threats will continue to evolve. He urged companies and governments to take a layered and adaptable approach to security.

"Leveraging a layered security model, organizations should be required to protect consumer information -- social security numbers, PINs , credit card numbers -- by protecting gaps in many of today's vulnerable information environments," he said. "Organizations have numerous gaps where sensitive data is more vulnerable -- laptops, e-mail, remote access, shared files and folders -- and a layered security approach can help address these gaps."

Connor launched and co-chaired the Business Software Alliance Information Security Governance Task Force, backed the EastWest Institute Worldwide Security Forum, which hosted an international dialogue on security, and was appointed by former Secretary of Homeland Security Tom Ridge to co-chair the Corporate Governance Task Force of the National Cyber Security Partnership, which released the report "Information Security Governance: A Call to Action" in April 2004. He also has testified before Congress numerous times on issues of cyber security including the importance of national data breach legislation.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.