Sen Feinstein Bill Would REQUIRE Disclosure
Results 1 to 3 of 3

Thread: Sen Feinstein Bill Would REQUIRE Disclosure

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Sen Feinstein Bill Would REQUIRE Disclosure

    Senator Dianne Feinstein (D-California) has put forth a proposal mimicking a California state law that requires corporations to notify customers in the event that their personal or confidential data is compromised.

    SecurityFocus Article

    This is the exact opposite of what the Bush Administration and the Department of Homeland Security have been trying to accomplish. They have been seeking an exemption to the US Freedom of Information Act for hacking or intrusion incidents reported by corporations so that they will volunteer such information without fear of public backlash.

    The problem in my opinion with Senator Feinstein's proposal is that the financial penalties are not compelling enough. It would still be in the best interests financially for many companies to risk getting caught and paying the penalties rather than disclosing news of a security breach and losing consumer and shareholder confidence.

    Here is my article on About.com regarding this topic: To Disclose Or Not To Disclose

    I am curious if others think it makes more sense to exempt corporations from the Freedom of Information Act to entice them to cooperate, or to enact laws requiring them to disclose information of security incidents in hopes that they will not choose to hide the information anyway.

    Thoughts?

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Tony, I aggree with your assesment, that the bottom line and customer confidence will be most companies basic guide lines.
    From the artical: To Disclose Or Not To Disclose, by Tony Bradley
    Applying the same logic here I predict Senator Feinsteinís bill may lead to secretive meetings in boardrooms and confidential memos being sent back and forth to decide what the break-even point is to the bottom line and whether it makes better financial sense to disclose information of an attack or hide information of the attack and hope that it never gets leaked.
    I don't think that the administrations idea of persuasion will work either. The sharing of information is essential to catching the hackers, as your showed in your example, but how to gain this information......I don't know. Depend on the involved companies to do the right thing? I don't think so.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I really can't comprehend any real motivation for this law?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides