Cyber-security group wants national law |
|
|
|
Published
:
Thu, 19 Apr 2007 23:43
|
WASHINGTON (AP) - A cyber-security industry group whose members include executives from Symantec Corp. and CA Inc. pressed lawmakers Thursday to enact a national law that would replace the hodgepodge of state laws governing the disclosure of lost and stolen consumer data.The Cyber Security Industry Alliance said a federal law is needed because it is too costly and difficult for businesses to comply with 35 different state laws that require them to publicly disclose security breaches involving personal information, such as credit card data or Social Security numbers.The group's members said a federal law should also promote higher cyber-security standards, such as encryption, which could help cut down the number of breaches.Symantec Chief Executive John Thompson said protecting against a breach in the first place is far less expensive than dealing with the aftermath of one.He said when a data breach occurs, a company spends, on average, $175 to $185 per record for public notification of the breach, legal and other associated fees and lost productivity, among other things.Several lawmakers, including Sen. Dianne Feinstein, D-Calif., Sen. Patrick Leahy, D-Vt., have introduced data breach notification bills this year that would pre-empt state laws. Similar bills were introduced last year, but went nowhere.The group said it doesn't support any one data security bill over another.John Hutchins, a privacy and data security attorney with Troutman Sanders, said most state laws, such as California's, require companies and agencies to disclose a breach even if it's just a database of names and addresses.Hutchins said a few state laws, including Florida's, require an investigation to determine whether the public suffered any harm following a breach. If the investigation determines no harm was done to the public, then a company doesn't have to disclose the incident.Among the most publicized data breaches recently, discount retailer TJX Cos. Inc. said in December at least 45.7 million credit and debit cards were stolen over a 17-month period. Last summer, the Department of Veterans Affairs also revealed that a computer containing sensitive information on 26.5 million veterans was stolen for an analyst's home and later recovered.Copyright 2007 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
|
|
|
|
Print this Story
FDIC warns against fraudulent e-mails 