Notification of Data Breaches

Oct 29, 2007

For at least a few more days, it is National Cyber Security Awareness Month, and one of the key policy priorities for security advocates like the Cyber Security Industry Alliance (CSIA) is the passage of federal data breach legislation. According to the Privacy Rights Clearinghouse, since early 2005, over 166 million records containing personal information like social security and credit card numbers have been lost or stolen in the U.S. 

It's safe to say that most people would agree that prevention is the best medicine in this case. But what happens when data breaches do occur?

TJX, parent company of retailers TJ Maxx and Marshall's, recently "earned" the dubious distinction of being part of the biggest credit card data breach ever. While details are still emerging, Computerworld reported last week that an incredible 94 million Visa and MasterCard accounts belonging to TJX customers may have been stolen over a 17-month period by hackers who infiltrated TJX's payment systems. As a result, the company is facing hefty fines, lawsuits and a series of investigations by the Federal Trade Commission and state attorneys general.

A story in today's Computerworld suggests that the aftermath of a data breach, even one much smaller than TJX's, is an increasingly complex issue because laws vary from state to state. According to the article, "with more than 30 state data-disclosure notification laws now on the books, officials at many companies doing interstate business are hoping that cohesive national legislation will smooth out the nuances among differing statutes. But so far, federal legislation that would unify corporate disclosure rules is merely inching forward."

Among the contenders: Senators Patrick Leahy (D-VT) and Arlen Specter (R-PA) are co-sponsors of the Personal Data Privacy and Security Act of 2007; Sen. Daniel Inouye (D-HI) and others are sponsoring the Identity Theft Prevention Act; and Rep. Lamar Smith (R-TX) sponsored the Cybersecurity Enhancement and Consumer Data Protection Act in the House. Similar legislation was introduced but never passed Congress during the 109th session. Time will tell if news like the TJX case will lead to a different outcome.
