US Attorney General calls for unified data breach notification laws

Filed Under: Data loss, Featured, Law & order, Privacy, Security threats

US Attorney General Eric Holder has put his weight behind a growing wave of pressure to improve how data leaks are handled by companies and institutions.

Interest in improving ways to ensure people are protected from leakage of personal data, and kept informed when such breaches do occur, has boomed since the recent barrage of large-scale, headline-making compromises in retail and tech firms.

Holder used the platform of his weekly video message, posted on the website, to talk about "Protecting Consumers from Cybercrime".

Responding explicitly to the recent Target and Neiman Marcus leaks, the Attorney General demanded Congress get busy developing a "strong national standard" for breach notifications.

He claimed this would make it easier for law enforcement to investigate breaches, make breached entities more accountable for any sloppy security practices and help those whose data has been leaked.

The need for federal-level rules on how we react to data leaks has been pointed out before, of course, with current regulation fragmented across state lines.

Most states have at least some rules in place, as do territories such as Guam, Puerto Rico and the Virgin Islands, but there's little by way of uniformity or consensus.

A few states, including Alabama, Kentucky, New Mexico and South Dakota, appear to have no regulations in place as yet, while at least 17 are working on tweaks to their current rules, aiming for clarity but contributing to the general chaos.

European law seems to be well ahead in terms of consistency and clarity, with centralised regulation of all manner of privacy and data handling issues, although these rules are of course still not immune from criticism.

Like much Euro-law, central policy is complicated by the need to interact with overlapping local regulation, and such complications tend to get amplified as rules are applied on a wider scale.

But if Europe and the US can agree on fundamentals and create a widely-accepted basic standard, this could lead to baseline rules which can be adopted and applied around the world.

Regulation and law at the national or federal level is a good step forward, but ultimately the internet needs fully-global law (and law enforcement), to cope with the global nature of internet crime and malfeasance.

Holder's pushing of this agenda is greatly welcomed, but his ideas should be considered just another step on the long road to a safer digital planet.


3 Responses to US Attorney General calls for unified data breach notification laws

  1. Jeff Bastian · 586 days ago

    Considering Eric Holder and the Department of Justice's unconstitutional spying on American citizens, these new controls over reporting data breaches would be like having the big bad fox manage security for the three pigs' house.

  2. Joe · 586 days ago

    Let's reform the NSA, FBI, CIA, DHS, FCC, CBP, etc. FIRST. Then let's write data protection laws for citizens SECOND. Then maybe we can think about giving Big Brother more power.

  3. Steve · 586 days ago

    "...ultimately the internet needs fully-global law (and law enforcement)..."

    NO! NO! NO! NO! NO! NO! NO! NO! NO! NO! NO! NO! NO! NO! NO!


About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.