- United States
-
Global Sites
Public policy insight for your business
Lawmakers focus on data security in the wake of large-scale breaches
High-profile data breaches at Epsilon and Sony have continued to bring intense scrutiny from both legislators and regulators, giving momentum to data security proposals in Congress. The Obama Administration also continues to move forward with a cybersecurity initiative that would require government agencies and commercial entities to do more to safeguard consumer information and notify consumers when certain information is breached.
In Congress, members of both the House and the Senate have used the recent data breaches to demonstrate the need for legislation enacting a uniform national data breach notification standard, as well as increasing data security standards for companies that collect consumer information. In late April, the Administration issued the National Strategy for Trusted Identities, which aims to protect the privacy and security of Internet users by encouraging a broad online authentication market in the United States. The plan is intended to apply pressure on government agencies and private companies to do a better job of authenticating consumers’ identification on the Internet. In addition, the White House released its cybersecurity initiative in May. The initiative proposes that certain private companies that provide vital services and are deemed critical infrastructure — such as public utilities, transportation networks and certain financial institutions — must submit detailed plans showing how they can defend themselves against a cyberattack. The initiative also would implement a national data breach notification law.
While the recent data breaches have elevated the policy debate about data security, they also serve as a reminder for companies operating on the Internet to ensure they are following industry best practices and current regulations.