While the security landscape of this country may have been tougher had this bill matured into a law, it can be argued that the landscape is considerably tougher due to the very existence of this bill during the 109th Congress. Nearly all major corporations have an Information Security Officer of some type and nearly as many have written policies regarding disclosure. The very fact that Americans and their representatives were interested enough to carry this bill through the Congress and through multiple edits caused Corporate America to stand up and take notice. The news now is rife with examples of data breaches and what the corporations are doing in regards to those breaches. While some may argue that the world would have been a better place with this law, I can't help but wonder if Rep. Stearns and others were really smart enough to draft an information security policy for our nation, perhaps the failed attempt (and the notice it gave Corporate America) was the best thing Congress could do for us.
Friday, July 25, 2008
How a bill (eg...HR 4127) can change the Information Storage landscape
In October of 2005 Rep. Clifford Stearns (R. Fl) introduced the Data Accountability and Trust Act (DATA). This act was to establish corporate liability for the storage of personal information and protect consumers by the establishment of expected behaviors on the part of information brokers. The act would have required all "information brokers" or companies who store personal information and release it to third parties to implement strict security policies which would include encryption, data retention policies, the designation of an officer to establish and implement such standards within the company etc... The act would impose the additional requirement of notification in the event of a data breach in a prompt and timely manner. Those notified of the breach could legally require the data broker to monitor their credit for two years following notification of such a breach. Finally, compliance was to be enforced by the FTC utilizing the disciplinary tools afforded them by the Fair Trade Act.
Labels:
4127,
congress,
data security,
encryption,
legislation
Subscribe to:
Posts (Atom)