Posted on 02/09/2007 4:32:53 PM PST by xcamel
** Flurry of techish bills introduced in new Congress
Members of Congress introduced a flurry of new technology-related bills this week, including two bills that would require companies with data breaches to notify affected customers.
Senators Patrick Leahy, a Vermont Democrat, and Bernie Sanders, a Vermont independent, introduced the Personal Data Privacy and Security Act. In addition to requiring data breach notification, the bill would also require data brokers to disclose what information they hold on individuals. The bill would allow individuals to correct information held by data brokers, and it would require companies that have databases with personal information on more than 10,000 U.S. residents to implement data privacy and security programs.
Representatives Bobby Rush, a Illinois Democrat, and Cliff Stearns, a Florida Republican, introduced the Data Accountability and Trust Act this week. Their bill, with 24 co-sponsors, authorizes the Federal Trade Commission (FTC) to draw up data privacy requirements for businesses, including requirements that they have vulnerability assessments and policies for disposing of obsolete data.
After a company reports a data breach, the FTC would conduct an audit of its security practices, and, like the Leahy-Sanders bill, the bill would require data brokers to disclose the information they hold on individuals and allow individuals to correct wrong information.
Organizations have lost 100 million personal records belonging to U.S. residents in data breaches since 2005, Leahy said in a speech on the Senate floor. Leahy, chairman of the Senate Judiciary Committee, singled out data breaches at the Department of Veterans Affairs last May and retailer The TJX Companies Inc. announced in January in his speech.
"These data security breaches are compelling examples of why we need strong federal data privacy and security laws to protect Americans’ personal data and to address the ills of lax data security," he said. "In the information age, any company that wants to be trusted by the public must earn that trust by vigilantly protecting the databases they use and maintain."
Members of Congress introduced about a dozen bills requiring data breach notification after a series of breaches in early 2005, but legislation stalled largely over committee jurisdictional wrangling. About 30 states have passed breach notification laws, most of them since 2005.
The Cyber Security Industry Alliance, a trade group of IT security vendors, in January called on Congress to pass a comprehensive data protection bill, including breach notification. But some groups, including conservative think tank the Progress and Freedom Foundation, have questioned the need for a breach notification law, saying the cost to businesses may far outweigh the benefits to consumers.
Other tech-related bills introduced this week:
• Two bills allowing the FTC to investigate the practice of pretexting, when an investigator assumes a false identity to gain access to a person's telephone records. President George Bush signed a bill creating penalties for pretexting in January, but the two new bills would give the FTC the authority to investigate and prosecute pretexters.
Many lawmakers became interested in the issue after Hewlett-Packard Co. disclosed in September that investigators it had hired used pretexting in an attempt to gain access to board members' and reporters' phone records.
• A bill targeted at spyware by establishing criminal penalties for a number of actions. The bill would prohibit keystroke logging, taking control of a computer without the user's consent, diverting Web browsers, using computers to create botnets and modifying a computer users' browser and security settings without permission.
Two spyware bills passed the House of Representatives by overwhelming majorities in March 2005, but the Senate didn't act on them.
Or "Can-Spam"?
Sanders is a self-admitted socialist and seeing him preside over the senate recently is disgusting.
And who is going to enforce any of this? Who are you going to call to get them to do it? The sum of all of this is looking like doing something without actually doing a thing.
It will be used to levy fines and scare people into hiring consultants who will take their money and shrug their shoulders when the hackers get in.. then these same company's will have to go through public humiliation, criminal charges and FTC audits with $400/hr lawyers..
Meanwhile the crooks and the hackers will drink their vodka and eat their rice.. and laugh their asses off at Americans.
How do you enforce this law when the vast majority of criminals breaking this law are located outside the US. Russia and China are noted havens for these scumbags.
Enforcing this law will be impossible, but the Donks will be able to say, "We tried."
egg-zactly
Interesting. I wonder if law enforcement has been exempted?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.