National Data Security Law Gains Momentum
WASHINGTON — Support for a national data security law appears to be growing, with ChoicePoint and Bank of America throwing their support behind a national disclosure law in a Capitol Hill hearing this week.
Backup data tapes have been at the center of the debate, with recent tape losses by Bank of America, Ameritrade and Time Warner leading to a recommendation by Iron Mountain that users encrypt backup tape data.
At this point, the main question appears to be how a national data breach disclosure law would work.
With bills before the House and Senate that would force data brokers and financial institutions to inform consumers of a breach, Congress is looking at the nitty-gritty details of the legislation.
"One of my concerns, given the dramatic rise in recent reports on data braches, is there will be a headlong rush for notification in every instance," House Financial Services Committee Chairman Michael Oxley (R-Ohio) said at a Capitol Hill hearing.
According to Oxley, only a small percentage of the highly publicized cases of data breaches have actually resulted in any fraudulent activity.
"When no evidence surfaces to indicate their information has been misused, consumers may begin to ignore those notices as just that many more pieces of unsolicited junk mail," he said.
Bank of America recently revealed that data backup tapes containing more than a million records were lost during transport to a backup data center. A total of 15 tapes were shipped to the data center with five disappearing. Two of the lost tapes included customer information, while the other three tapes held non-sensitive, backup software.
"As to the tapes themselves, sophisticated equipment, software and operator expertise are all required to access the information," said Barbara Desoer of Bank of America. "In addition, specific knowledge of the manner in which the data is stored, that is, the fragmented nature of the data and the steps required to reassemble it would be required."
Desoer said the Secret Service has informed Bank of America that no evidence exists to indicate the tapes were wrongfully accessed or their content compromised.
Nevertheless, Desoer said, Bank of America supports a national disclosure law.
"Our recent actions demonstrate our belief that customers have a right to know when there is reason to believe that their information may have been compromised," she said.
Data broker ChoicePoint, which has also suffered embarrassing data breaches, also threw its support behind a national law.
"We support a pre-emptive national law that would provide for notification to consumers and a single law enforcement point of contact when personally identifiable information has fallen into inappropriate hands," Don McGuffy, a ChoicePoint senior vice president, said.
The breach disclosure bills in the House and Senate are based on California state legislation, which requires a business or government agency to notify an individual in writing or by e-mail when it is believed that unencrypted personal information has been compromised.
Sen. Diane Feinstein's bill goes beyond the California law to include encrypted data, and allows individuals to put a seven-year fraud alert on their credit report. The legislation proposes a $1,000 per individual civil fine for failure to notify, or not more than $50,000 per day while the failure to notify continues.
Article courtesy of Internet News