
Old arguments may bog down US data breach notification legislation

Grant Gross | Jan. 28, 2015
A drive in the U.S. Congress to pass a law requiring companies with data breaches to notify affected customers may get bogged down in old arguments.

A notification law shouldn't inundate consumers with "meaningless notices when there is no risk of harm," Barrett-Glasgow said.

But Congress shouldn't leave the decision to send out notices in the hands of breached companies, Hartzog said. Consumer problems from data breaches go beyond ID theft or economic harm, to include damage to reputation or a loss of personal data that can lead to phishing attacks months later, he said. A new law should default to reporting data breaches, not to determining harm before reporting, he said.

Relying on breached companies to determine harm to customers "is a dubious proposition in several different ways," Hartzog said. "It's very difficult to draw a line of causation between a breach that occurred and likely harm that can happen sometime in the future."

 
