RealTime IT News

House Plans Data Breach Disclosure Vote

Reporter's Notebook: The U.S. House of Representatives expects to vote this week on one of the more controversial data breach disclosure bills before Congress.

With stronger measures to choose from, the House Republican leadership decided to promote legislation allowing data brokers to conduct an investigation of a breach and determine if notification to consumers is necessary.

The Financial Data Protection Act of 2005 also allows companies that choose to protect their data with encryption to take that into consideration when determining if consumer notification is necessary in the aftermath of a breach.

Despite those weak provisions, consumer groups are most concerned that the standards in the bill would preempt any state laws calling for breach disclosures to consumers.

Currently, there is no federal law requiring data brokers to disclose breaches to the public. A California law has prompted the disclosures of high-profile breaches over the last two years.

"It's shocking that at a time when data breaches are in the headlines daily and consumers are at greater risk than ever for identity theft, Congress would choose to vote on a bill that would strip consumers of their existing identity theft protections," Susanna Montezemolo, policy analyst with Consumers Union, said in a statement.

"Congress should be helping consumers prevent identity theft, not making things worse."

The House leadership decided to pass on the Data Accountability and Trust Act (DATA), which would require data brokers to notify consumers when there is a "reasonable" risk the breach could result in identity theft.

Federal Agency Breaches? Different Question: Despite the toothless disclosure bill before the House this week, Rep. Tom Davis (R-Va.) wants public notification to be mandatory for government agencies in cases of data breaches.

Given the embarrassing run of data breaches disclosed this summer by agencies from the Veterans Administration to the Department of Agriculture, it's not a bad idea.

Who knew it wasn't already mandatory?

"We have seen too many recent examples when sensitive data has been lost or stolen and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage," Davis said in introducing his legislation.

Davis' bill would amend the Federal Information Security Management Act and direct the Office of Management and Budget (OMB) to establish policies, procedures and standards for agencies to follow if sensitive personal information is lost or stolen.

"Sadly, this legislation is necessary to ensure that federal agencies are taking the proper steps to notify the public, the potential victims and appropriate government officials that sensitive data may have been compromised," Davis said.

Congress Wants Internet Database of Sex Offenders: Last week, the Senate approved legislation that would create the first U.S. Internet database to improve the tracking of convicted sex offenders.

The Adam Walsh Child Protection and Safety Act also stiffens penalties for child molesters who cross state lines and increases the number of investigators working on child pornography cases.

It also would permit the death penalty for sex offenders who murder a child.

Look for the House to pass the same legislation and have the bill on President Bush's desk by Thursday, the 25th anniversary of the abduction and murder of Adam Walsh, the six-year-old son of National Center for Missing and Exploited Children founders John and Revé Walsh.

There are more than 550,000 registered sex offenders in the United States, but more than 100,000 are currently unaccounted for, prompting the call for the national Internet database.

Got a Problem? Study It: It's Congress' favorite type of legislation: a study.

On July 13, the U.S. House of Representatives approved legislation directing the Environmental Protection Agency (EPA) to analyze how effectively the IT industry is migrating to energy-efficient data centers.

A little less than a week later, the Senate came up with virtually the same bill in hopes of putting the legislation on President Bush's desk before the end of the year.

"America's competitiveness depends on a strong, robust, technologically advanced and sophisticated computer industry, but our energy security depends on the wise and efficient use of all energy resources, including electricity to power those computers," bill sponsor George Allen (R-Va.) said in a statement.

Allen said both of those goals could be met through reasonable approaches to energy-efficient microchips and servers.

While the EPA's Energy Star program has made successful inroads in reducing the amount of power used by consumer computers, the House and Senate bills focus on commercial data centers.

The large, power-hogging servers in the data centers of companies such as Google and Yahoo consume massive amounts of power to cool and drive the machines. A typical 100,000-square-foot data center has a power bill of nearly $6 million a year.

The rule of thumb equates to a watt of indirect power consumption for every watt of power directly consumed by the hundreds of servers making up a data center.

"We need to constantly improve, innovate and adapt with new advanced super computers that take less energy to power and cool, which will lessen the demand on our utility grids and infrastructure," Allen said.

If approved by the Senate, the EPA study would determine the potential cost savings and benefits to the energy supply chain through the adoption of energy-efficient data centers and servers, including reduced demand, enhanced capacity and reduced strain on existing grid infrastructure.