Security Legislation

By CIOinsight  |  Posted 04-05-2005 Print


EUC with HCI: Why It Matters

Congress is taking baby steps toward holding companies responsible for identity theft.

After a spate of high-profile security breaches, including those at ChoicePoint Inc., Bank of America Corp. and LexisNexis Group, U.S. lawmakers are waking up to the growing problem of identity theft. Jon Corzine's (D-N.J.) Identity Theft Recovery and Victim Assistance Act, and Dianne Feinstein's (D-Calif.) Notification of Risk to Personal Data Act, are bills that focus on forcing companies to inform customers in the event of a security breach that compromises their personal data.

But neither of these measures gets to the crux of the problem, says Jim Harper, director of information policy studies at the Washington, D.C.-based Cato Institute, a nonprofit public policy research foundation. "They don't actually address security issues," he says. "What good is it to simply inform a customer of a security breach a month after it's happened?"

Harper argues that any federal legislation must hold companies liable for the consequences of a security breach. "So if someone is a victim of identity theft, the company that allowed the data to get into the hands of the criminals will be responsible for the consequences—and the cost," he says.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that cioinsight.com may send you cioinsight offers via email, phone and text message, as well as email offers about other products and services that cioinsight believes may be of interest to you. cioinsight will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit