Public confidence in e-commerce will erode if Congress does not step forward
and pass a meaningful national data breach disclosure law this year,
according to the Cyber Security Industry Alliance (CSIA).
The industry advocacy group wrote congressional leaders last week urging
them to put aside political differences and put legislation on President
Bush’s desk by the end of the year.
The CSIA said more than 52 million of Americans’ personal records
have been hacked, lost, stolen or otherwise compromised over the last year.
“These security breaches, from medical records to Social Security numbers
and credit card accounts, were once front-page news,” the letter states.
“Today, they have become so commonplace as to hardly seem newsworthy, but
their cumulative effect has been to corrode public confidence in the
security of private information.”
The 109th Congress opened more than a year-and-a-half ago in the immediate
aftermath of high-profile data breaches suffered by ChoicePoint and
LexisNexis.
Hearings were immediately held but neither the House nor the
Senate has yet to pass any legislation.
“Congress must demonstrate leadership by passing legislation to foster the
adoption of best practices to protect consumers’ personal information — such
as encryption that renders stolen data unusable — and standardize the
requirements for reporting breaches that do occur,” the letter states.
The CSIA noted that state governments are moving into the void created by
Congress, with dozens passing laws mandating consumer notification of data
breaches.
“Unfortunately, these good intentions will likely result in an unnecessarily
complex and cumbersome Web of regulations for businesses to comply with and
consumers to understand,” the CSIA wrote.