If you ever felt like getting involved in politics and defending our rights, this one is a no brainer.
From SANS:
quote: --Proposed Data Breach Notification Law Draws Fire (16 March 2006) The House Financial Service Committee has passed the Financial Data Protection Act of 2005, drawing the ire of groups committed to promoting and protecting consumer privacy. The bill, known as HR 3997, would supersede state data breach notification laws. It requires organizations to notify customers of security breaches only when they believe there is reasonable risk of harm to those customers. In addition, HR 3997 would supersede state laws allowing consumers to place freezes on their credit reports as a preventive measure against identity fraud; the bill would allow a freeze only after someone has already been the victim of identity fraud.
Editor's Note (Paller) The debate over this bill heralds the elevation of cyber security to a national political issue. Lou Dobbs of CNN understands the issues and has agreed to use his position to increase pressure on Congress not to weaken the consumer protections that state disclosure laws now provide. This is a hot enough issue that it will move voters away from candidates who pander to commercial interests over those of consumers. These consumer interests coincide well with the interests of cybersecurity professionals who care about effective cybersecurity.
(Schultz): To say that this bill represents a definite setback to consumer interests in the US is a gross understatement. I'm especially concerned that the judgment of organizations that experience security breaches would according to this law become the basis for determining whether or not consumers are notified. If an organization is not sufficiently conscious to adequately defend its own systems, how could it be competent enough to know when to inform consumers? Also, a bill that might limit consumers' ability to put freezes on their own credit reports to protect themselves against identity fraud is lamentable.
(Honan): This legislation seems to be forgetting that the data belongs to the consumer and not the organizations holding that data.
(Shpantzer) This bill should emulate the highest standard in the various state laws, not the lowest common denominator. It's interesting to note that politicians who claim to advocate for state's rights trample on state laws when enough lobbyists come to pay them a visit, so to speak.