Senate Takes up Data Security Law

With growing evidence that Americans want new data privacy laws, the U.S. Senate opens a series of hearings today on legislative solutions to data breaches and identity theft.

Thursday’s full Senate Commerce Committee hearing will not specifically address any of the several bills introduced in the 109th Congress, which combat identity theft and force data brokers to disclose breaches of personal information to consumers.

Instead, the panel will hear from all five members of the Federal Trade Commission, which most likely would be charged with enforcing any new data privacy laws. Vermont Attorney General William Sorrell will also be representing the National Association of Attorneys General.

The hearing comes just one day after the release of an Entrust survey showing 71 percent of Americans believe new laws are needed to protect consumer privacy on the Internet.

“The results of this survey should serve as a wake-up call to policy-makers and business leaders,” Entrust CEO Bill Conner said in a statement. “Voters view identity theft as a white hot issue and want the government to protect them. In the interim, they are voting with their keyboards by curtailing their online transactions.”

According to the survey of 1,003 likely U.S. voters, 97 percent of the respondents rate identity theft as a serious problem, with 48 percent saying they now avoid online purchases out of fear of their financial data being stolen.

Conner urged Congress to enact a uniform national breach notification law for unauthorized acquisition of unencrypted personal information.

Momentum is growing for a national data breach disclosure law in the wake of numerous disclosures this year of data brokers, banks and universities losing or exposing the personal information of millions of consumers.

The disclosures would not have come to light except for a new California law that requires a business or government agency to notify an individual in writing or by e-mail when it is believed that unencrypted personal information has been compromised.

The success of the California law is prompting a number of states to pursue the legislation. In the face of the apparent inevitability of numerous state laws, technology lobbyists are now pursuing a national disclosure law that would pre-empt all state laws.

California Democrat Dianne Feinstein, a member of the Senate Commerce Committee, is expected to push her two-year-old legislation that goes beyond the requirements of the California state law.

Feinstein’s bill seeks to force businesses and governments to disclose data breaches of both unencrypted and encrypted data. The legislation proposes a $1,000 per individual civil fine for failure to notify or not more than $50,000 per day while the failure to notify continues.

Feinstein’s bill makes only two exceptions to notifying consumers of a data breach: by the written request of law enforcement for the purposes of a criminal investigation and for national security purposes.

“We desperately need a strong national standard that says whenever a data system is breached, everyone who is at risk of identity theft must be notified,” Feinstein said in a statement. “The fact of the matter is that your buying habits, your bank accounts, your Social Security number, your driver’s license — all of your personal data — today is being collected, collated, distributed, bought, sold, without your knowledge or consent.”

Entrust’s Conner said Wednesday private businesses should be as concerned as lawmakers.

“Organizations that depend on online transactions risk financial loss and brand erosion unless they act quickly to protect sensitive information both in transit and at rest,” Conner said. “They must deploy blended security applications that make use of strong authentication and encryption technologies.”
