Group calls for federal data security breach notification law

Article

Group calls for federal data security breach notification law

The Cyber Security Industry Alliance (CSIA), a lobbying group comprised of a number of security vendors, is pressing Congressional legislators to pass a law governing disclosure in the event of a data security breach.

In the CSIA's annual report,

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the group criticized Congress for failing to pass a comprehensive data security law in 2006 requiring companies with data breaches to notify victims.

Currently 35 states require companies to publicly disclose security breaches involving personal information, such as credit card data and Social Security numbers. The group said it is too time consuming and costly for businesses to comply with the different laws.

The group is calling for a law that emphasizes encryption and promotes higher security standards that could reduce the number of data breaches. The group said the law would apply equally to all government agencies and businesses that collect and maintain personal information of consumers.

Cyber Security Industry Alliance:
Flurry of state disclosure laws creates confusion for CISOs: Now that nearly three dozen states have enacted breach disclosure laws, national companies face the challenge of reconciling a vast array of guidelines and their implications.

Group gives government low marks on data protection: The Cyber Security Industry Alliance, a lobbying group of security vendors, gives the federal government and congress a D-grade for securing sensitive information.

Heavyweight CEOs align on security: A dozen security hardware, software and services vendors announced their union at RSA Conference '04. The Cyber Security Industry Alliance (CSIA) is a formidable conglomerate of the CEOs of 12 security heavyweights, including Symantec and CA.

A number of highly publicized data breaches have made the news in recent months, including the largest ever recorded, which took place at Framingham, Mass.-based retailer, TJX Cos. Last year a laptop containing the names, Social Security numbers and dates of birth of up to 26.5 million military veterans and some spouses was stolen from an official at the Department of Veterans Affairs. Several other agencies reported similar incidents of stolen laptops containing sensitive data.

The top cybersecurity job at the Department of Homeland Security (DHS) also sat vacant for more than a year until Gregory Garcia took the post in the fall.

The group's annual report also identified other specific actions for Congress to focus on for improving information security. The group is lobbying to toughen the Federal Information Security Management Act (FISMA), to strengthen enforcement and require government contractors to comply with the requirements. The group also said a dedicated system should be set up within the Department of Homeland Security that can monitor the communication infrastructure in the event of a major attack or disruption.

Members of the CSIA include Application Security, Inc.; Bharosa Inc.; BSI Management Systems; Crossroads Systems, Inc.; Entrust, Inc.; F-Secure Corp.; IBM Internet Security Systems Inc.; iPass Inc.; MXI Security; PGP Corporation; Qualys, Inc.; RSA, a division of EMC; Secure Computing Corp.; Surety, Inc.; SurfControl; TechGuard Security; and Vontu, Inc.; Symantec Corp.; and CA Inc.