-----Original Message-----
From: Cole, John (Civ, ARL/CISD)
Sent: Mon 3/27/2006 7:13 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: LEGISLATORS AGREE ON DATA-BREACH TERMS

Wonder if they are aware of the IEEE standards being developed in this area...

LEGISLATORS AGREE ON DATA-BREACH TERMS

Members of a House committee have agreed on compromise language in a data-protection bill intended to provide increased protections for sensitive consumer information. The Data Accountability and Trust Act (DATA) includes definitions of when organizations must report a data breach to customers and requires companies that handle such information to meet minimum standards for protecting sensitive data.

In its original form, the bill only required disclosure if an event carried a "significant risk" of identity theft. The compromise language mandates notification if a "reasonable threat" exists. The bill requires data stewards to take "reasonable" precautions against data theft and to perform periodic assessments to verify that data has not been compromised.

Rep. Joe Barton (R-Tex.), chair of the Energy and Commerce Committee, said the existing statutes for data protection "are so flimsy they're laughable." Rep. John Dingell (D-Mich.) said the DATA bill "focuses on strong security systems, notice to consumers of breaches, and tough enforcement."

Internet News, 24 March 2006
http://www.internetnews.com/bus-news/article.php/3594136