Gautham Nagesh reports: The House Energy and Commerce Committee announced a comprehensive review of data security and eletronic privacy issues on Wednesday, beginning with Thursday’s hearing on data breaches at Sony and Epsilon. The announcement signals the committee is likely staking out its place for the upcoming debates on comprehensive cybersecurity and privacy legislation, both…
Category: Federal
Three National Data Breach Notification Legislative Proposals Issued
Craig Hoffman writes: So far this month, three legislative proposals containing a national data breach notification requirement have been issued. On May 4, Rep. Bobby L. Rush (D-Ill.) reintroduced the Data Accountability and Trust Act. On May 11, Rep. Cliff Stearns (R-Fla.) introduced the Data Accountability and Trust Act (DATA) of 2011. One day later, the White…
Breach Notification Proposal Lacks Teeth
Clearly I’m not the only one who was unimpressed with the Obama administration’s plan for a federal data breach notification law. Tracy Kitten reports: The Obama administration’s plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, critics say. Read more on BankInfoSecurity.com.
AU: How security chief’s bank details leaked
Ben Grubb reports: Security firm Symantec’s Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws. […] Scroggie’s credit card data was leaked via email when a Melbourne restaurant at which he was a member attempted to…
White House Wants Tougher Penalties for Computer Breaches
David E. Sanger and John Markoff report: Almost two years after outlining a broad strategy intended to strengthen the security of the nation’s computers and networks, the Obama administration said Thursday that it was sending proposed legislation to Congress that would strengthen penalties for any invasion of private computer systems. But the White House, in…
President’s cybersecurity agenda includes proposed federal data breach notification law
To cut to the chase: you can read the language of the proposed data breach notification law here. Sadly, the proposed language allows entities NOT to notify affected individuals if they conduct a risk assessment and determine that there is no risk to those whose data were breached. Other problems I see on a first…