As we enter 2010 it is clear that companies and consumers alike are not well served when it comes to handling data breaches.  From the viewpoint of businesses, the vague, overlapping, and ineffective patchwork of regulations is not only unwieldy to manage, it actually acts as a deterrent to reporting such breaches.  And for consumers, the lack of clear regulatory oversight means that millions of people are never informed that their personal information has been compromised.

The fact that the Federal Trade Commission (FTC) has delayed the implementation of its FACT Act Red Flags Rule not once, or twice, but three times sends the wrong signal to compliance officers.  How can regulations be taken seriously if they are delayed over and over again?

The federal government’s new HITECH Act, which went into effect on September 23, 2009, strengthens the rules designed to protect the privacy and security of health-related data.  However, vague wording in the regulations written by the Office of Health and Human Services (HHS) has opened the door to under-reporting of data breaches, which will in turn put breach victims at undue risk of medical identity theft.

Further, 45 states now have 45 different data breach reporting laws on the books.  The result of this hodgepodge is that complying with the law is unwieldy for organizations that attempt to put homegrown data breach management systems in place.  (Full disclosure:  my firm does provide an easy-to-deploy, on-demand compliance solution – but that is another topic for another day.)

Congress has been working on and off for three years on this issue, but to date it has failed to come up with a reasonable law that would ease the burden on businesses and provide reasonable protections for consumers.  Virtually all of the draft bills being bandied about would be weak and ineffective.

The fact is, as Javelin Strategy and Research noted in its research report published on October 27, 2009, consumers who are victims of a data breach are four times more likely to become victims of fraud.  Data breaches have serious consequences, and should be taken seriously by all concerned.

Here’s hoping that in 2010 both regulators and businesses will be able to come to terms with regulatory standards that are easy to meet, lower corporate risk, and actually help to protect people from identity theft.
