How Do We Deal With Data Breaches?
I enjoy buying online and do most of my shopping there. I am also aware of the dangers of doing that. Some of the news coming out with data breaches and stolen identities from companies' databases has me wondering what to do.
The Sony PlayStation hack that exposed details for up to 77 million accounts, coming on the heels of the Epsilon hack, has the country talking about what to do about data breaches. Two different approaches popped up in the New York Times and Time this weekend: more laws vs. better technology.
Nick Bilton points out in the NYT that, surprisingly, there’s no national data breach law. Rep. Bobby Rush proposed a bill in 2009 that would, for example, provide free credit monitoring to those affected by a data breach, but it stalled in the Senate. Instead, data breaches are addressed by a patchwork of state laws, setting forth various requirements including notification of those affected, and sometimes fines and payment for identity theft monitoring for breach victims. Congress held a data breach hearing last week and is now reconsidering passing national legislation to standardize punishment for companies that allow their data to be breached. Privacy advocates want companies to take their data protection responsibilities more seriously. After this, Sony certainly will. Reuters reports that Sony’s clean-up bill could be as high as $2 billion. Bloomberg says $50 million.