written by Chad F. Walter
I’m in complete agreement with the President, and the need for the Federal Government to take a firmer, unilateral stance on breach notification. Many of the States have done a great job, but their jurisdiction ends at the borders and because the cyber world has no geographical boundary, it’s time for the Federal Government to step up to protect the citizens of the US as a whole.
Now, I’m not jumping on the bandwagon just yet.
The concept is great but, based on previous history demonstrated by our current Federal Government officials (yes…all of them), I’ll wait a little. Both of the issues referenced in this article need to be addressed individually and not attached to or combined with any other bills they’re trying to get passed. Stop playing political games, write some solid legislation, and pass it.
Regarding a Federal Breach Notification Act, I concur with John Leibowitz. A “30-day shot clock” is far too long. Cyber attack is immediate, breached data is leveraged in the now as time kills value. Consequently, US citizens are impacted in real-time. This bill needs to require corporations (and government entities) to notify consumers immediately, even if the breach is only suspected. I know this sounds harsh, but the earlier the notification happens, the quicker everyone can take necessary defensive actions. After all, communication has always been king, and never more so than under such circumstances.
Related to the protection of student data, how are they going to administer this and what are the penalties going to look like? It’s really a “wait and see” situation. If they don’t add real teeth to the bill, it’ll be (yet) another useless piece of legislation.