RealTime IT News

Security Group Calls on Congress

Public confidence in e-commerce will erode if Congress does not step forward and pass a meaningful national data breach disclosure law this year, according to the Cyber Security Industry Alliance (CSIA).

The industry advocacy group wrote congressional leaders last week urging them to put aside political differences and put legislation on President Bush's desk by the end of the year.

The CSIA said more than 52 million of Americans' personal records have been hacked, lost, stolen or otherwise compromised over the last year.

"These security breaches, from medical records to Social Security numbers and credit card accounts, were once front-page news," the letter states. "Today, they have become so commonplace as to hardly seem newsworthy, but their cumulative effect has been to corrode public confidence in the security of private information."

The 109th Congress opened more than a year-and-a-half ago in the immediate aftermath of high-profile data breaches suffered by ChoicePoint and LexisNexis.

Hearings were immediately held but neither the House nor the Senate has yet to pass any legislation.

"Congress must demonstrate leadership by passing legislation to foster the adoption of best practices to protect consumers' personal information -- such as encryption that renders stolen data unusable -- and standardize the requirements for reporting breaches that do occur," the letter states.

The CSIA noted that state governments are moving into the void created by Congress, with dozens passing laws mandating consumer notification of data breaches.

"Unfortunately, these good intentions will likely result in an unnecessarily complex and cumbersome Web of regulations for businesses to comply with and consumers to understand," the CSIA wrote.