So far, it’s a very bad year

By

The relentless stream of data security breaches is putting pressure on Congress to beef up consumer privacy protection.

According to Privacy Rights Clearinghouse, a consumer organization, nearly 50 million people have had personal information exposed in 44 incidents this year.


Last month, MasterCard International revealed that 40 million credit cards of all brands were potentially exposed to fraud when an intruder broke into the network of payment processor CardSystems Solutions.

In June computer tapes with data on 3.9 million CitiFinancial customers were lost en route to a credit bureau.

Alarmed by the breaches, federal lawmakers have proposed nearly a dozen measures to boost privacy.

At a June 16 Senate hearing on identity theft, Sen. Gordon Smith (R-OR) said he planned to introduce bipartisan legislation that would include "a national obligation" for firms to safeguard sensitive data and a "balanced breach-notification trigger."

A survey by the Cyber Security Industry Alliance showed that more than seven in ten respondents said new laws are needed to protect consumer privacy on the web, and almost half said they avoid buying on the internet for fear their financial data might be stolen.

There are defensive steps businesses can take, said Jeff Smith, Tumbleweed Communications' CEO, including not storing sensitive data unless necessary, and encrypting it.

"This is a red-hot issue for the public. They want Congress to act," stated Dan Burton, Entrust vice-president of government relations.

"They are curtailing online transactions, so there's a real market impact that's being felt."

The private sector wants a national breach notification law, he said, which would supersede the growing number of state notification laws.

Chris Voice, Entrust's vice-president of technology, said industry is pushing for the law to include a "safe harbor" provision for encrypted data.

But this debate misses the need for a privacy debate, said Mark Rasch, chief security counsel at Solutionary.

"There's no concept of what information should be private and what shouldn't be, or what people should be allowed to collect and use and for what purposes," he said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
badfaritssecuritysoveryyear

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?