AfterDawn: Tech news

BSA urges U.S. Congress to pass Data Breach legislation

Written by James Delahunty @ 20 Jun 2011 10:38

BSA urges U.S. Congress to pass Data Breach legislation The Business Software Alliance (BSA) hopes this time the U.S. Congress can bring Data Breach law to a national level.
News of major data breaches at some of the world's largest online services has been plastered all over the headlines this year. Some of the high profile cases include Sony's PlayStation Network (PSN) and SEGA's ongoing investigation of a data breach that affects over one million people.

Other attacks of an even more serious nature have targeted the International Monetary Fund (IMF), Lockheed Martin in the United States and the European Union. However, what the BSA is really concerned about is how consumers will react to data breaches in systems run by the likes of Sony, and how it will effect confidence as industry and commerce moves even further into cyberspace than ever before.

The rise of cloud computing, for example, is promising for both enterprise and home customers as a low cost solution for all kinds of data computing and mass storage. The BSA is concerned that after the PSN hack saga and the increasing number of attempts to acquire consumers' personal information, a lack of confidence in data security could hurt the emergence of cloud-based services.

The BSA, and members of both houses of the U.S. Congress, believe that two things should be required of companies possessing personal information of citizens. Firstly, the information should be strongly protected by data encryption solutions, so that if there is a mass breach (such as a stolen database), it will become extremely hard or impossible for the attackers to decipher the information.

Secondly, the firm in question should be bound by law to make the breach publicly known, especially if users' personal information is at significant risk.

Last Wednesday, BSA President and CEO Robert Holleyman testified before the House Energy and Commerce Committee to push for Data Breach legislation to the passed on a national level. "This is now the fourth Congress to consider data breach legislation," said Holleyman. "The time to act is now. The need is clear, as are the solutions."

The hearing was set to discuss draft legislation introduced by Rep. Mary Bono Mack (R-Calif.), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade. The draft bill (which you can download here) states its goal is to, "protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach."

Holleyman endorsed the key provisions of the bill.

He testified: "The bill requires organizations that hold sensitive personal information to implement reasonable security procedures, taking into account an organization’s size, the scope of its activities, and the costs involved. It creates incentives to adopt strong security measures by promoting the use of technologies such as encryption, which render data unusable, unreadable, or indecipherable to thieves if they manage to steal it. And it requires notifying consumers when there is a significant risk of identity theft, fraud or unlawful activity."

He also pointed out that over 2,500 data breaches have been recorded since 2005, and pointed out that in the procrastination of Washington on this issue, individual states have already stepped up to mandate notification in the event of a data breach.

In 2002, a California data breach law was enacted (went into effect in July, 2003) that required firms to report a breach of unencrypted data to possibly effected users (although it allowed delays in notification if law enforcement determined it would stifle an investigation.) Most other U.S. states that have enacted data breach rules have followed California's example. A number of bills have been proposed at the national level, but none have been successful so far.

Previous Next  
Comments have been disabled for this article.

Latest news

Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments
How to Enable Bluetooth on Stadia Controller How to Enable Bluetooth on Stadia Controller (11 Feb 2023 1:04)
Google shut down its streaming game service Stadia late last month and this means that some people have Stadia controllers lying around that seem to be of no use. That is fortunately not the ....
2 user comments
Guide: How to Kick Unwanted Guests from Your Netflix Account Guide: How to Kick Unwanted Guests from Your Netflix Account (26 Jan 2023 2:14)
Sharing a Netflix account with a person in a different location is possible and indeed very common, although the company doesn't necessarily enjoy this behavior from their customers. However, ....
2 user comments

News archive