Federal Data-Protection Law

On the surface, this sounds like good news. Basically, it’s a bill that would create a national standard for protection of data, and would require notification of breaches of sensitive data. Data breaches, data sharing, and data theft have become FAR too common, and businesses and the government have treated it very lightly. So, I’m hoping this new bill would help resolve it – of course, I’m also hoping the government hasn’t added a ton of pork or liberty-killing bills dog-eared with this bill. :-p

Federal data-protection law inches forward
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration.

If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data, and protecting data while it is in transit and at rest.

The bill would introduce a federal breach-notification standard under which companies would be required to notify not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures — such as encryption — to protect sensitive data. Companies would also not be required to immediately disclose a breach if it would hinder a criminal investigation. But such exemptions would need to be vetted by the Secret Service. The law provides for penalties against executives of companies that willfully conceal a data breach.

Here’s hoping we see some change….

Posted in crime, security news.

Spam Supplier Shut Down!

I’m stunned that of all the media news outlets, my local news is the only one carrying this story right now:

Authorities shut down major spam supplier

CHICAGO (AP) – Federal authorities in Chicago say they’ve shut down one of the largest spam e-mail operations in the world. The Federal Trade Commission says the group generated e-mails promoting sales of prescription drugs and “male enhancement” pills.

The FTC says authorities closed the operation by working with their counterparts in New Zealand.

The FTC plans to provide more details at a news conference in Chicago later in the day.

This is great news! I don’t get a whole lot of spam via email anymore, although it’s starting to pick up since a free samples company got my email address – I was dumb! I do get a TON, literally, a TON, of comment spam on my WordPress blogs. WordPress should really try to do something about that, if possible.

Anyway, I’m glad to see a spammer get canned. FINALLY. I’m hoping the governments didn’t breach any civil liberties to nab their guy, though… that stuff makes me more concerned than the spam.

Posted in crime, news.