Senator to businesses: Protect data or pay

Share this story:Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Facebook0

As George Hulme recently wrote, the vision of Senator Richard Blumenthal’s data breach legislation is simple enough:  Protect individuals’ personally identifiable information from data theft, and penalize firms that don’t adequately secure their customers’ information.

Clearly, there’s a need for organizations to better secure confidential and private customer information.  It seems that a week rarely passes without a new high-profile data breach in the news.  In fact, 2011 is trending to be the worst-ever year for data breaches.  And that is despite many U.S. states introducing legislation that expands the scope of state laws, sets stricter requirements related to notification of data breaches involving personal information, and increases penalties for those responsible for breaches.

The need to protect customer data is unanimously shared by honest people worldwide…. The issue is HOW to effectively govern and enforce the various data protection requirements and laws?

I agree with Senator Blumenthal’s concept of establishing “appropriate minimum security plans”…. But color me skeptical on the government’s ability to appropriately monitor and enforce those plans, especially after witnessing the mighty struggles at effectively governing the dozens of state laws already on the books.

My skepticism is shared by many, including Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation:  “The devil is in the details with these laws.  We’ve had regulations, from Gramm-Leach-Bliley to HIPAA, that purport to help protect consumer data.  Companies are already victims in these attacks, so why are we penalizing them after a breach?  I think that’s because it’s easier to issue fines than it is to track down the criminals and go after them.”

In my opinion, business leaders need to prioritize their own internal efforts to properly protect sensitive information rather than wait on the government to catch up.  First order of business is to identify where confidential files and data live in your organization and ensure visibility of that info (after all, how can you protect what you don’t know about?).  Fortunately, there are technology solutions available to help organizations better manage and govern their critical files and data as they are being moved and consumed both internally and with business partners and across people, systems and various business applications.

This entry was posted in Data Breach, Enforcement, File Security, Managed File Transfer, Management, Security, Visibility and tagged , , , , , , . Bookmark the permalink. Trackbacks are closed, but you can post a comment.

Leave a Reply