Article

Industry group uses awareness month to lobby for data breach laws

Robert Westervelt, News Editor

The Cyber Security Industry Alliance, a trade group made up of US-based security vendors, is in full gear to pressure members of Congress to enact data security and breach legislation.

The organization said it is using the National Cyber Security Awareness Month during the month of October to meet with congressional officials.

"CSIA and its member companies will spend much of the month seeking to educate members of Congress both in their Capitol Hill offices, and back in their district offices during congressional recesses, on the importance of making national data security and breach notification legislation a priority for enactment in the 110th Congress," the organization said in a statement.

A number of industry and consumer groups are pushing for

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

data breach notification laws, calling for strict data protection rules and stiff penalties to force companies to better lock down their data. The massive data security breach at Framingham, Mass.-based TJX Cos. helped fuel the movement. Data breaches have become more public in recent years as a result of legislation in more than a dozen states that require companies and government agencies to notify consumers if their data is lost.

CSIA was launched in February 2004 as a public policy association and has been working with the U.S. Congress on the data security and other policy issues since its founding. RSA, a division of EMC, CA Inc., Symantec, and F-Secure Corp. are among the members of the alliance.

The CSIA criticized Congress for failing to pass a comprehensive data security law in 2006 requiring companies with data breaches to notify victims.

The group is calling for a law that emphasizes encryption. The group said the law would apply equally to all government agencies and businesses that collect and maintain personal information of consumers.

"By using the right technology and key security practices, consumers and businesses can not only protect their computers, identities and information from cyber criminals, but also play a proactive role in helping protect the nation's critical infrastructure from man-made threats," said Ron Teixeira, executive director, NCSA in a statement.

The movement for tougher laws in the United States is also growing globally. A trade association representing hundreds of technology firms in the UK is also pushing lawmakers there to develop a breach notification law and rigorous data protection rules. The group, called Intellect, has formed a data breach notification working group and is monitoring the affect of US-based data protection rules.

The Privacy Rights Clearinghouse, which tracks data breaches, says more than 166 million IDs have been compromised to date. Some IT pros say that government regulations and PCI DSS are already helping drive the need for better technology to protect systems containing consumer data.