Albuquerque, New Mexico (PressExposure) July 21, 2011 -- Recently, a subcommittee of the Energy and Commerce Committee of the United States (U.S.) House of Representatives approved the proposed Secure and Fortify Electronic (SAFE) Data Act. The proposed Act aims to protect the interests of consumers by requiring organizations to maintain reasonable security policies and procedures for safeguarding personal information. The bill, sponsored by Republican Mary Bono Mack, now requires Congressional approval. The bill emphasizes the need for a security policy covering the collection, use and dissemination of personal information, a designated point of contact for the management of information security, the identification of vulnerabilities, and the initiation of preventive action. Professionals qualified in masters of security science [http://www.eccuni.us/Academics/MasterofSecurityScience.aspx] may facilitate creation of appropriate IT security policies.
The proposed bill requires the Federal Trade Commission (FTC) to establish rules and regulations for implementing measures to ensure data security. In framing the rules and regulations, the FTC must take into account the nature, scope, complexity, size and cost of implementation as well as the nature, size and sensitivity of the information held.
The bill requires organizations to notify law enforcement officials without unreasonable delay in the event of a data breach and to initiate measures to prevent recurrence of such incidents. They must notify the FTC within 48 hours after the identification of individuals whose personal information is compromised. If a data breach incident takes place at a third party that holds data on behalf of the owner, the responsibility for notifying law enforcement and preventing such incidents lies with the third party. The owner would be responsible for identifying and informing the affected stakeholders and the FTC. If the data breach incident involves over 5000 individuals, organizations must also notify the credit reporting agencies. The proposed bill requires organizations to communicate with the affected individuals as early as possible and places a deadline of 45 days for commencing notification unless they receive a request for delay from law enforcement authorities.
Organizations and individuals involved in inter-state trade or commerce must place high emphasis on data security. They must educate employees on information security practices through training programs and online degree courses in collaboration with educational and training institutes.
Timely availability, confidentiality, integrity and security of information are crucial for unhindered business operations. Over the last few months, there have been a series of data breach incidents, which have adverse implications for the affected individuals and organizations. Notable among the data breach incidents are those at Epsilon, the Texas Comptroller Office, Sony and Citigroup. Organizations incur considerable expenditure on business promotion. However, data breach incidents have the potential to unravel the goodwill generated by a company after years of tireless effort. Further, organizations have to incur huge expenditure to resolve claims and introduce security enhancements. The Texas Comptroller Office reportedly spent over $1.8 million as a result of the data breach. The expenditure comprised the cost of mailing letters, negotiating discounts on credit monitoring, establishing a call center, and hiring consultancy services, among others. Affected customers and stakeholders face the risk of identity theft and fraud. As such, government agencies must encourage online university degree programs to improve cyber security practices among netizens.