protect consumer data. In California, data breach legislation that would have set similar requirements, although specifically for payment card data, has twice been vetoed by Gov. Arnold Schwarzenegger despite gaining broad bipartisan support in the state Assembly and Senate.
Some businesses, most notably financial institutions, have lobbied for stronger data protection laws, but opponents have expressed reservations about state and federal attempts to legislate information security practices. Critics of such legislation argue that while it's appropriate for government bodies to set breach disclosure standards, having them dictate specific security controls can be problematic. Supporters, though, insist that stringent laws are needed to force organizations that collect and store sensitive data to take better care of it.





Comments
Security technology changes constantly, but lawmakers treat it as static. The Massachusetts regulations say that if you store sensitive consumer data, you MUST have anti-virus software with “virus definitions”. As we evolve away from definition-based protection, this regulator is locking us into it. Similarly, state legislatures are mandating encryption for security in ways that don't always make sense. –Ben http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html