Credit reporting companies to be held accountable
By Gearhead, NetworkWorld.com, 06/01/05
According to an article in the Washington Post, a large number of states are pushing for laws to punish "companies that maintain sensitive customer data when they hide a security breach".
Much of this push follows from a recent California law that allows for civil lawsuits against government bodies and companies that fail to disclose the theft or loss of personal data.
Since February, Arkansas, Georgia, Montana, North Dakota, Washington, and New York City have passed similar legislation, while governors' signatures for like bills in Florida and Illinois are pending and New York state is working on it. Indiana has taken a weaker approach through recent legislation that requires residents to be notified if their Social Security numbers are divulged by state agencies.
In particular, Montana has set serious consequences for privacy breaches -- companies can be fined up to $10,000 per violation for failing to disclose a security breach that endangers customer data, and criminal charges would be filed if the companies should attempt to hide consumer data thefts.
California's law, which is also being put forward as the basis for federal legislation by U.S. Sen. Dianne Feinstein (D-Calif.), has been effective:
The California Department of Consumer Affairs reported May 27 that since the state's notification law went into effect in July 2003, it has been aware of 61 significant breach notifications involving an average of 163,500 individuals each. About one-fourth of the breaches occurred at financial institutions and another one-fourth at universities, with 15 percent reported by medical institutions, 8 percent by government and 7 percent by retailers, according to the figures.
The Washington Post article goes on to note that:
... taken together, the state laws may backfire as businesses lobby Congress to enact new -- and most likely less stringent -- federal statutes to preempt what critics say is quickly amounting to a patchwork of disparate, confusing and costly new regulations.
Any commercial entities that want to gain "first mover advantage" should be making consumer data security a foundational component of their business strategy by not only supporting legislation but also ensuring it provides serious consequences for organizations that are careless about customer privacy.