July 2nd, 2003, 02:03 PM
Sen Feinstein Bill Would REQUIRE Disclosure
Senator Dianne Feinstein (D-California) has put forth a proposal mimicking a California state law that requires corporations to notify customers in the event that their personal or confidential data is compromised.
This is the exact opposite of what the Bush Administration and the Department of Homeland Security have been trying to accomplish. They have been seeking an exemption to the US Freedom of Information Act for hacking or intrusion incidents reported by corporations so that they will volunteer such information without fear of public backlash.
The problem in my opinion with Senator Feinstein's proposal is that the financial penalties are not compelling enough. It would still be in the best interests financially for many companies to risk getting caught and paying the penalties rather than disclosing news of a security breach and losing consumer and shareholder confidence.
Here is my article on About.com regarding this topic: To Disclose Or Not To Disclose
I am curious if others think it makes more sense to exempt corporations from the Freedom of Information Act to entice them to cooperate, or to enact laws requiring them to disclose information of security incidents in hopes that they will not choose to hide the information anyway.
July 2nd, 2003, 02:36 PM
Tony, I agree with your assessment that the bottom line and customer confidence will be most companies' basic guidelines.
From the article: To Disclose Or Not To Disclose, by Tony Bradley
I don't think that the administration's idea of persuasion will work either. The sharing of information is essential to catching the hackers, as you showed in your example, but how to gain this information......I don't know. Depend on the involved companies to do the right thing? I don't think so.
Applying the same logic here I predict Senator Feinstein's bill may lead to secretive meetings in boardrooms and confidential memos being sent back and forth to decide what the break-even point is to the bottom line and whether it makes better financial sense to disclose information of an attack or hide information of the attack and hope that it never gets leaked.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
July 2nd, 2003, 04:13 PM
I really can't comprehend any real motivation for this law?
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.