Will Congress act on notification legislation?

Powered by SC Magazine
 

Nearly six months into the term of the 110th Congress, it's unclear whether significant federal breach notification legislation will be passed before the November 2008 general election, breach experts said today.

Milo Cividanes, a partner at Venable LLC., said today that with eight bills in either US House or Senate committee, it’s far from a done deal that a notification bill will be passed by January 2009.

"You would’ve thought that with all of the headlines in 2005," Congress would have passed notification legislation," Cividanes said, speaking at the International Association of Privacy Professionals’ Practical Privacy Series, held today in New York City.

It’s uncertain "whether we are going to get legislation out of this Congress, or whether [a notification law] would get bunched in with some other privacy legislation," he said. "It is not clear if Congress will bring relief to this area anytime soon."

Cividanes said it was also unclear how any new federal legislation would affect local breach notification laws. Thirty-eight jurisdictions, including states and territories, have passed such laws.

In recent years, especially since the landmark ChoicePoint breach of 2005, the prevention of data breaches has become an information security priority. The Privacy Rights Clearinghouse as estimated that breaches have compromised the personal information of more than 155 million Americans.

Meanwhile, William J. Cook, chairman of business continuity and security practices at Wildman, Harrold, Allen and Dixon LLP, urged businesses to use the US Secret Service and other federal agencies as resources in the event of a data breach — many of which are the result of routine thefts.

"Probably a laptop that was stolen was [stolen by] someone who has a drug problem, or it was just a smash and grab situation," he said, adding that victimisd companies should immediately investigate to see whether any regulations have been violated.

Cook also said that customer lawsuits following a breach would become more frequent.

"This is something that we’re going to have to live with for the foreseeable future," he said.

Will Congress act on notification legislation?
 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
 
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1043

Vote