FBI, Congress Consider National Data-Breach Law

By Kevin Parrish, published on October 29, 2009 at 12:10 PM
Source: Tom's Guide US | Themes: The Internet, Software

Companies may be forced to tell potential victims of data breaches.

During a cybersecurity discussion held Wednesday in Washington D.C., Jeffrey Troy, chief of the FBI's Cyber Criminal Section, said that law enforcement agencies could get a better grip on fighting the surge of cybercrimes if businesses were legally required to report data breaches to potential victims. Essentially this "data-breach notification bill" would allow agencies to link those attacks to others and possibly stop similar attacks at other organizations.

According to PCWorld, Troy told the attendees that, when dealing with cybersecurity issues, companies need to think beyond their walls. "They have to recognize that the Internet has become a global platform for commerce," he said. "The people that are stealing information from you ... are going after the money." He also added that an attack on one company could be used again with another company.

Currently around 45 states have already passed localized data breach notification bills. However, Congress has yet to pass a bill into federal law despite attempts by some Congress members over the last several years. The biggest roadblock thus far seems to be the Personal Data Privacy and Security Act, limiting how data brokers can use personal information.

Before the end of the year, the Senate Judiciary Committee will try to push a comprehensive cybersecurity bill to the Senate floor, and it will contain the proposed data-breach notification bill. Symantec CIO David Thompson looks forward to the bill, saying that it's difficult to comply with the current 45 different state laws.


Comments

buwish 10/30/2009 2:14 AM

The Feds need to get to it. I'd prefer it to be mandatory for all 50 states to have to report potential personal information breaches. It's best for consumers.

millerm84 10/30/2009 4:31 AM

Good for the consumer, bad for the business

1. There would be a website listing every company that was breached. Talk about a PR nightmare.

2. Any company not hit yet would be made a target by non-malicious / "ethical" hackers, thus leading to holes to be exploited.

Good idea but won't really change anything. I always just assume that every site I enter my credit card into has or will be hacked, and it's up to me to make sure I'm still me and Pablo in BFE Florida.

neiroatopelcc 10/30/2009 9:58 AM

Requiring to report to the authorities is okay, but being required to tell possible consumers isn't really! Anybody who has a bit of buying power is a possible consumer! And besides, people want to know the internet is safe for shopping, not that you're being robbed blind if you use it.

Princeofdreams 10/30/2009 5:41 PM

If your credit card details or other potentially sensitive data are stolen, then the company has to tell you. There is no logical argument against it. Surely if they don't and that data is then used to commit fraud or steal money, then the company should be made liable.

tester24 10/30/2009 6:40 PM

I better damn well know when a company that has my personal information gets hacked. I'd feel a little better hearing it from them than from CNN or Fox News.

Anonymous 10/30/2009 8:14 PM

These data breaches and thefts are largely due to a lagging business culture. Google “I.T. WARS” and you can read a good bit of it on Google Books – it’s also in many libraries. Read some fresh and original thinking here - http://www.businessforum.com/DScott_02.html - I urge every business person and IT person, management (IT Governance) or staff, to get hold of a copy of “I.T. Wars: Managing the Business-Technology Weave in the New Millennium.” It has an excellent chapter on security, and how to scale security for any organization, any budget. It also has a plan template with all considerations. Our CEO has read this book. Our project managers are on their second reading. Our vendors are required to read it (they can borrow our copies if they don’t want to purchase it). Any agencies that wish to partner with us: We ask that they read it. In the realm of risk, unmanaged possibilities become probabilities.

asjflask 10/30/2009 9:36 PM

Bad for the consumer and bad for the company. We don't need more federal laws. Let the states make their own laws and enforce their own laws.
