U.S. Needs Federal Data Security Law Now, Says Cybersecurity Group

December 15, 2006

A coalition of data security firms has renewed its call for Congress to protect personal information in cyberspace and help Americans trying to deal witht he risk on their own.

The businesses warn that the decline in consumer confidence in the security of personal information is a “serious drag” on the nation’s economy.

The Cyber Security Industry Alliance urged the new Congress to make it a top priority to enact a comprehensive law to secure sensitive personal information regardless of where it is held, be it within government or the private sector.

To date, 100 million Americans more than one-third of the population of the United States have had their personal information compromised, according to the Privacy Rights Clearinghouse.

The group maintains that mishandling of personal information is a problem affecting every corner of the country and a wide range of organizations, including private sector corporations, government agencies, financial firms, educational institutions, healthcare and insurance companies. The types of personal information that have been lost range from medical records to social security numbers to bank account details.

They note that the burden is on the victims to determine what degree of risk they face and how best to protect themselves from future incidents. This, the group says, creates a “frustrating and daunting situation” for so many Americans.

“The time is now to establish a single standard for securing citizens’ personal information regardless of whether it is housed within federal, state or local government, private sector or educational institutions,” said Paul Kurtz, executive director of CSIA. “Americans are being victimized by data breaches and current laws are inadequate to protect and notify them. The 110th Congress needs to make it a priority to pass a comprehensive federal law that addresses both of these concerns, alleviating the complex web of regulations that has been created by numerous state-level data security laws.”

To accomplish the dual goals of prevention and notification, a national law should establish reasonable security measures, create a consistent and recognizable notification standard, encourage best practices such as encryption, and include effective enforcement capabilities.

Added Kurtz, “Congress should be very concerned about this milestone not only because of the sheer number of individuals affected, but also because the decline in consumer confidence in the security of personal information is a serious drag on our economy. By passing a federal data security bill, Congress has the power to alleviate much of the fear, uncertainty and doubt that Americans are facing right now.”

Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE: CA); Citadel Security Software Inc. (CDSS:OTC); Citrix Systems, Inc. (NASDAQ: CTXS); Crossroads Systems, Inc. (OTCBB Pink Sheets: CRDS.PK); Entrust, Inc. (NASDAQ: ENTU); F-Secure Corporation (HEX: FSC1V); Fortinet, Inc.; Internet Security Systems Inc. (NASDAQ: ISSX); iPass Inc. (NASDAQ: IPAS); McAfee, Inc. (NYSE: MFE); Mirage Networks; MXI Security; PGP Corporation; Qualys, Inc.; RSA, The Security Division of EMC (NYSE: EMC); Secure Computing Corporation (NASDAQ: SCUR); Surety, Inc.; SurfControl Plc (LSE: SRF); Symantec Corporation (NASDAQ: SYMC); TechGuard Security, LLC; and Vontu, Inc.

Source: Cyber Security Industry Alliance

Was this article valuable?

Here are more articles you may enjoy.