One-quarter of 2007 has passed and Congress has yet to act on a comprehensive data privacy bill. Security breaches in the public and private sectors continue to mount. Notifications are arriving daily in consumers’ mailboxes. Polls continue to show that consumers are worried about identity theft and misuse of their information.
Inside 1to1 - Privacy spent some time this month analyzing one of the leading federal bills, the Personal Data Privacy and Security Act of 2007. We discovered that the bill contains a blatant inequity in the treatment of private sector breaches compared with public sector incidents. The inequity? Five years in prison for company employees who willfully conceal breaches and no criminal punishment for similar public sector incidents.
Perhaps it’s time to go back to the drawing board after a more thoughtful public policy debate about the effectiveness of security breach notification. If breach notification ultimately is the policy in the U.S., then the approach should be fair across the board to achieve a sound policy that promotes accountability for protecting sensitive data.
Do you think companies and the public sector should be held to the same high standard when it comes to willful concealment of a security breach?
Email me your predictions about whether Congress will pass data security legislation this year.
J. Trevor Hughes, CIPP
Executive Director, IAPP