Results 1 to 4 of 4

Thread: Data Breach Responsibilities

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    Data Breach Responsibilities

    Regulations regarding Data Breaches have always had the same problem...California. They weren't adopted across the board in every State.
    Usually they start in California...then...slowly make their way to other States. Now...Congress is getting into the mix...it still won't solve the larger issue of cross-border regulation...but it's a start!

    After a series of data breaches earlier this year, members of the U.S. Congress raged about the irresponsibility of breached companies and introduced a flurry of bills requiring companies to notify affected customers when data is lost.

    Nine months after a breach at data broker ChoicePoint Inc. was announced, Congress has debated a handful of bills but no data notification bill has passed either the House of Representatives or the Senate. U.S. companies reported more than 60 data breaches between January and September this year, and Congress, as well as a number of state legislatures, responded with dozens of pieces of legislation, many modeled after a 2003 California law requiring companies to tell affected customers about data breaches.

    Despite an outcry over the dozens of data breaches this year, most observers say Congress is unlikely to pass a data breach notification bill until sometime in 2006, partly because of growing concerns that most of the bills would take a step backward from existing state laws. As Congress has focused on other issues late this year, some consumer and privacy groups are in no hurry to see federal data breach notification legislation pass -- at least not most of the legislation introduced in Congress this year.

    "They're driving toward such a weak standard, [legislation] may get stuck," said Gail Hillebrand, senior attorney with Consumers Union, a consumer advocacy group. "If it's that weak, it should get stuck."

    Twenty-one states have now passed some form of a data breach notification bill, including a tough New York law that makes no exception for small data breaches or breaches unlikely to result in identity theft, set to go into effect next month. A "patchwork quilt" of state laws, as some critics have called the multiple laws, has caused some large businesses and trade groups to call for a national law that preempts state laws.

    Many of the congressional bills allow breached companies to decide if the breach is likely to lead to identity theft, and thus warrants consumer notification. Consumers Union and privacy advocacy groups such as the Center for Democracy and Technology (CDT) say companies would have little incentive to report any breach without some government oversight.
    http://www.infoworld.com/article/05/...achbill_1.html
    Data breach bills unlikely to pass before 2006 | InfoWorld | News | 2005-11-11 | By Grant Gross, IDG News Service

  2. #2
    I think it was back in 2002 when I and about 3 million other military service members had our records stolen from a high tech database in Arizona. The high tech means used to steal our data... walking in the front door of a high security building and removing the hard drives from the servers. The punishment on the company, TriCare I believe, for loss of all our data.... nothing (I don't know the exact repercussions, but I know they still are a big player with military insurance).

    I wonder what big loss of money or security had to occur for congress to actually become "outraged."
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  3. #3
    I remeber reading about people that were walking out with hardware (storage devices) from the Los Alamos national laboratory. I think this was after the Wen Ho Lee deal!

  4. #4
    Well, Captain, that just goes to show ya that Congress only cares about the soldiers and vets so long as DC (and their collective asses) ain't on fire. Soon's their respective constituents get burned, though ...

    We are one of the states that adopted a California-style disclosure law. There are flaws in it, and these are going through some review now.

    But, it did have an impact on how we re-wrote our incident response standards and procedures and security policy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •