House Plans Data Breach Disclosure Vote

Reporter’s Notebook: The U.S. House of Representatives expects to vote this week on one of the
more controversial data breach disclosure bills before Congress.


With stronger measures to choose from, the House Republican leadership
decided to promote legislation allowing data brokers to conduct an investigation of a breach and
determine if notification to consumers is necessary.


The Financial Data Protection Act of 2005 also allows companies that choose
to protect their data with encryption to take that into consideration when
determining if consumer notification is necessary in the aftermath of a
breach.


Despite those weak provisions, consumer groups are most concerned that the
standards in the bill would preempt any state laws calling for breach
disclosures to consumers.


Currently, there is no federal law requiring data brokers to disclose
breaches to the public. A California law has prompted the disclosures of
high-profile breaches over the last two years.


“It’s shocking that at a time when data breaches are in the headlines daily
and consumers are at greater risk than ever for identity theft, Congress
would choose to vote on a bill that would strip consumers of their existing
identity theft protections,” Susanna Montezemolo, policy analyst with
Consumers Union, said in a statement.


“Congress should be helping consumers prevent identity theft, not
making things worse.”


The House leadership decided to pass on the Data Accountability and Trust
Act (DATA), which would require data brokers to notify consumers when there
is a “reasonable” risk the breach could result in identity theft.


Federal Agency Breaches? Different Question: Despite the toothless
disclosure bill before the House this week, Rep. Tom Davis (R-Va.) wants
government agencies to make public notifications mandatory in cases of data
breaches.


Given the embarrassing run of data breaches disclosed this summer by
agencies from the Veterans Administration to the Department of Agriculture,
it’s not a bad idea.


Who knew it wasn’t already mandatory?


“We have seen too many recent examples when sensitive data has been lost or
stolen and agencies have moved too slowly to acknowledge the problem and
take steps to limit the potential damage,” Davis said in introducing his
legislation.


Davis’ bill would amend the Federal Information Security Management Act and
direct the Office of Management and Budget (OMB) to establish policies,
procedures and standards for agencies to follow if sensitive personal
information is lost or stolen.


“Sadly, this legislation is necessary to ensure that federal agencies are
taking the proper steps to notify the public, the potential victims and
appropriate government officials that sensitive data may have been
compromised,” Davis said.


Congress Wants Internet Database of Sex Offenders: Last week, the
Senate approved legislation that would create the first U.S. Internet
database to improve the tracking of convicted sex offenders.


The Adam Walsh Child Protection and Safety Act also stiffens penalties for
child molesters who cross state lines and increases the number of
investigators working on child pornography cases.


It also would permit the death penalty for sex offenders who murder a child.


Look for the House to pass the same legislation and have the bill on
President Bush’s desk by Thursday, the 25th anniversary of the abduction and
murder of Adam Walsh, the six-year-old son of National Center for Missing
and Exploited Children founders John and Revé Walsh.


There are more than 550,000 registered sex offenders in the United States,
but more than 100,000 are currently unaccounted for, prompting the call for
the national Internet database.


Got a Problem? Study It: It’s Congress’ favorite type of
legislation: a study.


On July 13, the U.S. House of Representatives approved
legislation directing the Environmental Protection Agency (EPA) to analyze
how effectively the IT industry is migrating to energy-efficient data
centers.


A little less than a week later, the Senate came up with virtually the
same bill in hopes of putting the legislation on President Bush’s desk
before the end of the year.


“America’s competitiveness depends on a strong, robust, technologically
advanced and sophisticated computer industry, but our energy security
depends on the wise and efficient use of all energy resources, including
electricity to power those computers,” bill sponsor George Allen (R-Va.)
said in a statement.


Allen said both of those goals could be met through reasonable approaches to
energy-efficient microchips and servers.


While the EPA’s Energy Star program has made successful inroads in reducing
the amount of power used by consumer computers, the House and Senate bills
focus on commercial data centers.


The large, power-hogging servers in the data centers of companies such as
Google and Yahoo consume massive amounts of power to cool and drive the
machines. A typical 100,000-square-foot data center has a power bill of
nearly $6 million a year.


The rule of thumb equates to a watt of indirect power consumption for every
watt of power directly consumed by the hundreds of servers making up a data
center.


“We need to constantly improve, innovate and adapt with new advanced super
computers that take less energy to power and cool, which will lessen the
demand on our utility grids and infrastructure,” Allen said.


If approved by the Senate, the EPA study would determine the potential cost
savings and benefits to the energy supply chain through the adoption of
energy-efficient data centers and servers, including reduced demand,
enhanced capacity and reduced strain on existing grid infrastructure.
