So far, it’s a very bad year

By

The relentless stream of data security breaches is putting pressure on Congress to beef up consumer privacy protection.

According to Privacy Rights Clearinghouse, a consumer organization, nearly 50 million people have had personal information exposed in 44 incidents this year.


Last month, MasterCard International revealed that 40 million credit cards of all brands were potentially exposed to fraud when an intruder broke into the network of payment processor CardSystems Solutions.

In June computer tapes with data on 3.9 million CitiFinancial customers were lost en route to a credit bureau.

Alarmed by the breaches, federal lawmakers have proposed nearly a dozen measures to boost privacy.

At a June 16 Senate hearing on identity theft, Sen. Gordon Smith (R-OR) said he planned to introduce bipartisan legislation that would include "a national obligation" for firms to safeguard sensitive data and a "balanced breach-notification trigger."

A survey by the Cyber Security Industry Alliance showed that more than seven in ten respondents said new laws are needed to protect consumer privacy on the web, and almost half said they avoid buying on the internet for fear their financial data might be stolen.

There are defensive steps businesses can take, said Jeff Smith, Tumbleweed Communications' CEO, including not storing sensitive data unless necessary, and encrypting it.

"This is a red-hot issue for the public. They want Congress to act," stated Dan Burton, Entrust vice-president of government relations.

"They are curtailing online transactions, so there's a real market impact that's being felt."

The private sector wants a national breach notification law, he said, which would supersede the growing number of state notification laws.

Chris Voice, Entrust's vice-president of technology, said industry is pushing for the law to include a "safe harbor" provision for encrypted data.

But this debate misses the need for a privacy debate, said Mark Rasch, chief security counsel at Solutionary.

"There's no concept of what information should be private and what shouldn't be, or what people should be allowed to collect and use and for what purposes," he said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?