Security Legislation

After a spate of high-profile security breaches, including those at ChoicePoint Inc., Bank of America Corp. and LexisNexis Group, U.S. lawmakers are waking up to the growing problem of identity theft. Jon Corzine’s (D-N.J.) Identity Theft Recovery and Victim Assistance Act and Dianne Feinstein’s (D-Calif.) Notification of Risk to Personal Data Act are bills that focus on forcing companies to inform customers in the event of a security breach that compromises their personal data.

But neither of these measures gets to the crux of the problem, says Jim Harper, director of information policy studies at the Washington, D.C.-based Cato Institute, a nonprofit public policy research foundation. “They don’t actually address security issues,” he says. “What good is it to simply inform a customer of a security breach a month after it’s happened?”

Harper argues that any federal legislation must hold companies liable for the consequences of a security breach. “So if someone is a victim of identity theft, the company that allowed the data to get into the hands of the criminals will be responsible for the consequences—and the cost,” he says.

CIO Insight Staff