| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
The article below outlines what might be another use of the
ISSAA (IEEE P1700) standard, if we ever finish it. T. Scott
Ankrum “If
everybody is thinking alike, then somebody isn't thinking.” General
George S. Patton, Jr. May 25, 2009 Editorial Protecting
Electronic Data
http://www.nytimes.com/2009/05/25/opinion/25mon2.html In 2005, ChoicePoint, a data broker,
gave access to personal information about more than 140,000 people to criminals
posing as businesspeople. Since that widely publicized security breach, many
states have passed laws protecting consumer information, but Congress still has
not come through. Now, the House is considering a bill to require greater
security for personal data. Consumers deserve this sort of protection. One of the downsides of the
technology revolution is that private information is more vulnerable than ever.
Security breaches happen on a vast scale. A few years ago, when the laptop
computer of an employee of the Department of Veterans Affairs was stolen from
his home, the Social Security numbers and dates of birth of more than 25
million veterans and active-duty soldiers were put at risk of theft. Representative Bobby Rush, an Illinois
Democrat and chairman of the House Subcommittee on Commerce, Trade and Consumer
Protection, is pushing a bill, H.R. 2221, to require
companies holding electronic data containing personal information to adhere to
security policies established by the Federal Trade Commission. The bill would
require that companies notify affected individuals when their personal
information is breached. The bill also would strike a blow
against companies that compile inaccurate dossiers on consumers. It would
require data brokers — companies that collect and sell consumer data
— to establish procedures for individuals to review the information being
held on them and to correct it if it is wrong. For all of its promise, the bill
poses a risk. The vast majority of states now have good data security laws that
have forced companies to act more responsibly than they once did. The House
bill contains a “pre-emption” provision that would wipe out those
state laws in the specific areas covered by the new federal law. Pre-emption of consumer laws is
generally not a good idea. States should be allowed to offer their residents
greater protections, and to experiment with new approaches. For the federal law
to be worth passing, it must offer more than state laws do. Mr. Rush’s bill has enough
going for it — particularly the provision allowing consumers to correct
errors in their data files — to be a step forward. But as lobbyists for
data brokers and other businesses descend on the legislation, it is important
that Congress not water down the protections that are in the current bill. -- Scott A. Barman Principal Information Systems
Engineer The MITRE Corporation Center for Enterprise
Modernization 7515 Colshire Drive McLean, VA 22102-7539 (703)983-6806 / cell:
(202)285-9029 |