The Cyber Security Industry Alliance, a trade group made up of US-based security vendors, is in full gear to pressure members of Congress to enact data security and breach legislation.
The organization said it is using the National Cyber Security Awareness Month during the month of October to meet with congressional officials.
"CSIA and its member companies will spend much of the month seeking to educate members of Congress both in their Capitol Hill offices, and back in their district offices during congressional recesses, on the importance of making national data security and breach notification legislation a priority for enactment in the 110th Congress," the organization said in a statement.
A number of industry and consumer groups are pushing for data breach notification laws, calling for strict data protection rules and stiff penalties to force companies to better lock down their data. The massive data security breach at Framingham, Mass.-based TJX Cos. helped fuel the movement. Data breaches have become more public in recent years as a result of legislation in more than a dozen states that require companies and government agencies to notify consumers if their data is lost.
CSIA was launched in February 2004 as a public policy association and has been working with the U.S. Congress on the data security and other policy issues since its founding. RSA, a division of EMC, CA Inc., Symantec, and F-Secure Corp. are among the members of the alliance.
The CSIA criticized Congress for failing to pass a comprehensive data security law in 2006 requiring companies with data breaches to notify victims.
The group is calling for a law that emphasizes encryption. The group said the law would apply equally to all government agencies and businesses that collect and maintain personal information of consumers.
"By using the right technology and key security practices, consumers and businesses can not only protect their computers, identities and information from cyber criminals, but also play a proactive role in helping protect the nation's critical infrastructure from man-made threats," said Ron Teixeira, executive director, NCSA in a statement.
The movement for tougher laws in the United States is also growing globally. A trade association representing hundreds of technology firms in the UK is also pushing lawmakers there to develop a breach notification law and rigorous data protection rules. The group, called Intellect, has formed a data breach notification working group and is monitoring the affect of US-based data protection rules.
The Privacy Rights Clearinghouse, which tracks data breaches, says more than 166 million IDs have been compromised to date. Some IT pros say that government regulations and PCI DSS are already helping drive the need for better technology to protect systems containing consumer data.
UK group pushes for stiff data security breach laws: A group representing technology firms is pushing UK lawmakers to pass breach notification laws and data protection rules.
As data breaches snowball, IT pros look for answers: The Privacy Rights Clearinghouse says more than 166 million IDs have been compromised to date. IT professionals are seeking ways to ensure their companies don't add to the tally.
TJX should have had stronger Wi-Fi encryption, say Canadian officials: TJX Cos. should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption, say Canadian officials.
Gap security breach exposes data on 800,000: The latest retailer to suffer a security breach is Gap Inc., which blames the exposure of data on 800,000 job applicants on a third-party vendor that manages the information.