National Data Breach Notification Debate Heats Up

The Cyber Security Industry Alliance and others are urging Congress to adopt a national standard for consumer protection and notification.

K.C. Jones, Contributor

August 9, 2007

2 Min Read
InformationWeek logo in a gray background | InformationWeek

The push for a national data breach notification is heating up.

With more than 160 million data breaches since 2005, legislatures in 35 states have passed laws requiring businesses and government agencies to notify consumers if their personal information has been compromised due to a security breach. Identity theft accounted for a greater percentage (36%) of the 674,354 complaints to the Federal Trade Commission from January 1, through December 31, 2006.

As a result, the Cyber Security Industry Alliance this week urged adoption of national standard for consumer protection and notification.

"CSIA strongly urges Congress to pass legislation establishing a consistent national law for all holders of sensitive personal information that will require organizations to safeguard data and establish uniform notification requirements when a security breach presents a risk of harm to consumers," the group stated in a brief released on its Web site.

Local, state and federal governments are responsible for 25% of all data breaches, according to the recommendation.

Entrust Chairman, President and CEO Bill Conner, agrees that federal lawmakers should adopt CSIA's standards.

"In order to truly take an important step to increase national security in the U.S., Congress needs to pass a national data breach law that emphasizes encryption and promotes higher security standards," he said in a prepared statement. "With millions of personal records being compromised in the last year alone, the government needs to continue to move quickly to mandate a national data breach notification bill with appropriate security measures -- like encryption and stronger authentication -- that truly protects the consumer's information.

Connor said sensitive information is threatened daily, data breaches affect all Americans, and security threats will continue to evolve. He urged companies and governments to take a layered and adaptable approach to security.

"Leveraging a layered security model, organizations should be required to protect consumer information -- social security numbers, PINs , credit card numbers -- by protecting gaps in many of today's vulnerable information environments," he said. "Organizations have numerous gaps where sensitive data is more vulnerable -- laptops, e-mail, remote access, shared files and folders -- and a layered security approach can help address these gaps."

Connor launched and co-chaired the Business Software Alliance Information Security Governance Task Force, backed the EastWest Institute Worldwide Security Forum, which hosted an international dialogue on security, and was appointed by former Secretary of Homeland Security Tom Ridge to co-chair the Corporate Governance Task Force of the National Cyber Security Partnership, which released the report "Information Security Governance: A Call to Action" in April 2004. He also has testified before Congress numerous times on issues of cyber security including the importance of national data breach legislation.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights