BreachExchange mailing list archives

Data Breach Notification Legislation Getting Ready For Prime Time


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 14 Jan 2015 19:34:08 -0700

http://www.forbes.com/sites/oracle/2015/01/13/data-breach-notification-legislation-getting-ready-for-prime-time/

As if anticipating President Obama’s call for federal data breach
legislation, a member of Congress participating at this week’s National
Retail Federation conference in New York said that such legislation will
happen “within the next year.”

Marsha Blackburn, representative from Tennessee, took part in a panel
discussion about online data and privacy issues at the NRF show along with
Peter Welch, representative from Vermont. Blackburn and Welch co-chair the
Privacy Working Group of the House Energy and Commerce Committee.

Welch reiterated Blackburn’s prediction about federal data breach
notification legislation, calling it “something we really, really need to
do.”

The topic is of growing interest among retailers as they weigh new mobile
and analytics technologies to help customize marketing and sales efforts.
But recent high-profile data breaches, combined with more powerful
algorithms enabling retailers to identify customers across a variety of
shopping venues, including the internet, mobile devices, and physical
locations, have illustrated the potentially negative impact of these new
technologies.

President Obama’s plan would require companies to notify customers within
30 days after personal information is compromised. Such notification is
mandated now at the state level, and requirements vary by state. A federal
mandate would be “simple and straightforward,” Welch said.

Blackburn made the point that privacy-related legislation at the federal
level is only a small part of the effort needed to safeguard online data
from compromises and crime. “I feel that’s a piece of it,” she said. She
also talked about companies needing to be more open about how data is
collected and used, and more proactive in helping consumers navigate the
“virtual marketplace,” such as informing them of the importance and
application of opt-in and opt-out capabilities. “I encourage retailers to
educate their customers,” she said. She also stressed the need for
companies to share information concerning cyberthreats.

Blackburn was adamant that, in considering privacy legislation, Congress
“make sure innovation carries forward.” One way to do that, she said, is to
frame privacy efforts in terms of “safety provisions, not specific
technologies.”

Welch pointed out the importance of retail commerce to the US economy,
referring to it as “a big common interest.” It’s also a labor-intensive
one. “I’m amazed at how hard retail is,” he said. Therefore, the federal
government should do all it can to protect privacy and online data while
still “serving entrepreneurs,” he asserted.

Still, Welch noted that data compromises erode consumers’ confidence,
potentially affecting the growth of online commerce. He suggested that
companies should exercise “some restraint” in collecting personal data.
“Just getting information for its own sake might be a little hazardous,” he
said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/