US Subcommittee Clears Proposed Bill to Improve Data Breach Notification

Albuquerque, New Mexico (PressExposure) July 21, 2011 -- Recently, a subcommittee of the Energy and Commerce Committee of the United States (U.S) House of Representatives approved a proposed Secure and Fortify Electronic (SAFE) Data Act. The proposed Act aims to protect the interests of the consumers by requiring organizations to maintain reasonable security policies and procedures for safeguarding personal information. The bill sponsored by Republican Mary Bono Mack now requires Congressional approval. The bill emphasizes on the need for a security policy for collection, use and dissemination of personal information, to establish a point of contact for the management of information security, identification of vulnerabilities and initiating preventive action. Professionals qualified in masters of security science [] may facilitate creation of appropriate IT security policies.

The proposed bill requires Federal Trade Commission (FTC) to establish rules and regulations for implementing measures to ensure data security. The FTC must take into account the nature, scope, complexity, size and cost of implementation as well as the nature, size and sensitivity of the information held while framing the rules and regulations.

The bill requires organizations to notify the law enforcement officials without unreasonable delay in the event of data breach and initiate measures to prevent recurrence of such incidents. They must notify the FTC within 48 hours after the identification of individuals whose personal information is compromised. In the event, a data breach incident takes place at a third party, which holds data on behalf of the owner, the responsibility for notifying the law enforcement and preventing such incidents lies with the third party. The owner would be responsible for identifying and informing the affected stakeholders and FTC. If the data breach incident involves over 5000 individuals, organizations must also notify the credit reporting agencies. The proposed bill requires organizations to communicate to the affected individuals as early as possible and places a deadline of 45 days for commencing notification unless they receive a request for delay from law enforcement authorities.

Organizations and individuals involved in inter-state trade or commerce must place high emphasis on data security. They must educate employees on information security practices through training programs and online degree courses in collaboration with educational and training institutes.

Timely availability, confidentiality, integrity and security of information are crucial for unhindered business operations. Over the last few months, there have been a series of data breach incidents, which have adverse implications on the affected individuals and organizations. Notable among the data breach incidents include those at Epsilon, Texas Comptroller Office, Sony and Citigroup. Organizations incur considerable expenditure on business promotion. However, data breach incidents have the potential to unravel the goodwill generated by a company after years of tireless efforts. Further, they have to incur huge expenditure to resolve claims and introducing security enhancements. Texas Comptroller Office reportedly spent over $1.8 million as a result of the data breach. The expenditure comprised of the cost of mailing letters, negotiating discounts on credit monitoring, establishing call center, and hiring consultancy services among others. Affected customers and stakeholders face the risk of identity theft and fraud. As such, government agencies must encourage online university degree programs to improve cyber security practices among the netizens.

About EC-Council

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Press Release Source:

Press Release Submitted On: July 21, 2011 at 5:23 am
This article has been viewed 7941 time(s).