BreachExchange mailing list archives
Data breach notification could benefit from federal action
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 3 Jan 2012 02:25:34 -0500
http://www.businessinsurance.com/article/20120101/NEWS07/301019997

There is growing consensus that federal legislation is needed to address the 47 different state approaches to data breach notification, but passage of a comprehensive federal bill is less than certain, experts say.

Many say a polarized Congress may find itself unable to take decisive action, particularly given that this is an election year. As a result, many observers are, at best, cautiously optimistic.

According to one estimate, 30 to 40 pieces of cyber risk legislation already have been proposed in Congress. Observers say a uniform federal law governing notification of data breaches would be welcome, but it should pre-empt related state laws if it is going to be successful.

For instance, the Senate Judiciary Committee last year approved three Democrat-backed data breach bills. On the related issue of security, a House Republican task force last year said Congress should give companies incentives to boost their cyber defenses, but also said that tough regulation may be warranted for potentially critical facilities such as power and water plants.

However, “In an election year, a lot of things don't get done with a stalemated Congress,” said John F. Mullen, an attorney with Nelson Levine de Luca & Horst L.L.C. in Blue Bell, Pa. “I just question” whether there will be movement “unless it's to someone's benefit that it does happen.”

Shawn Edward Tuma, a partner with BrittonTuma P.L.L.C. in Plano, Texas, said, “I believe that before the end of 2012, there's a pretty good chance we will be getting legislation that helps,” although “I don't know if it'll go all the way toward what a lot of people are seeking.”

“It's a difficult climate to pass legislation, but if one thing can make it through, it will be a cyber security bill,” said Jacob Alcott, a principal at Alexandria, Va.-based Good Harbor Consulting and former counsel to the Senate Committee on Commerce, Science, and Transportation.
Harley Geiger, policy counsel at the Washington-based Center for Democracy & Technology, said any action on data breaches “likely depends on Congress' other priorities, and that is going to depend in part on domestic events.”

During the past couple of years, “we've seen data breaches rise in frequency and in cost to business and consumers. There's no reason to expect that won't happen again in 2012,” although it may be “overshadowed by other events,” Mr. Geiger said.

Celeste King, a founding partner with Walker Wilcox Matousek L.L.P. in Chicago, said there is a greater likelihood this year than previous years that legislation would be passed, “which isn't the same as saying it will happen.” Still, members of Congress “all seem relatively on the same page” in terms of being interested in doing something, and this is “probably one of the lesser controversial things” before them, she said.

Robert Dix, Washington-based vp of government affairs and critical infrastructure protection for technology company Juniper Networks Inc., said, “I think that there are some opportunities right now.” Data breaches have “been a topic that we've been kicking around for quite a few years, and I think there are some opportunities to come to some bipartisan agreement on some chewable bits around this topic, and not try to load up the Christmas tree with all kinds of arrangements.”

Beth Diamond, New York-based focus group leader for technology, media and business services for Beazley Group P.L.C., said the prospect that federal legislation will pass is very good. She said she believes there is strong bipartisan support for a federal cyber security law, and many versions of potential legislation are pending in Congress. “I think what's been missing is somebody really showing some leadership,” Ms. Diamond said.
“What we've seen in the past last few weeks is that Senate Majority Leader Harry Reid, D-Nev., is looking to break that gridlock and get some movement.” When Congress returns this month from its recess, “I think you're going to see some real movement,” she said.

In a Nov. 17 letter to Senate Minority Leader Mitch McConnell, R-Ky., Sen. Reid said, “Given the magnitude of the threat and the gaps in the government's ability to respond, we cannot afford to delay action” on critical legislation related to cyber security. “For that reason, it is my intent to bring comprehensive cyber security legislation to the Senate floor for consideration during the first Senate work period” in 2012. “It is my firm hope that the working groups will be able to achieve an agreement on legislation by then, but I believe the cyber threat to be of such urgency that we must act whether or not such agreement can be reached.”

However, Lori S. Nugent, a partner with law firm Wilson Elser Moskowitz Edelman & Dicker L.L.P. in Chicago, said she does not believe that federal cyber legislation is necessary. Federal agencies and state governments “have increased their hiring of regulators to enforce existing laws that are impacted by data security,” she said. “I anticipate that in the coming year, more aggressive regulatory activity will take place and that additional legislation is not needed to support this activity.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/