A "Cost of Doing Business" Thing: After Another Round of High-Profile Breaches, Congress Takes a Shot at National Data Security Standards

By Barron, Jacob | Business Credit, July-August 2011

In April and May, Sony experienced one of the largest data security breaches in history.

More than 100 million users had their data compromised, data that included identifying information like names, birth dates and at least some partial financial information and payment card details. Originally, Sony announced that cyber-attacks taking place on April 17 and April 19 had spilled data from 50-75 million accounts out into the open, only later adding another 24.6 million accounts to that grand total following an additional breach in early May.

While the breach itself was big news, especially with a grand total of compromised users that was twice that of the famed 2007 TJX breach, in which nearly 46 million customers had their data stolen, what was even bigger news was Sony's response to the network intrusion.

Sony shut down the compromised network on April 20, and, a little less than a week later, issued an email and a blog posting notifying customers that there was a breach, that an unauthorized assailant had obtained users' names, addresses, countries, email addresses, birthdates, passwords and logins, and that while there was no evidence that credit card data had been taken, Sony could not "rule out the possibility."

A little less than a week doesn't sound like that much time in the scheme of things, but in terms of data breaches, the six days between the intrusion and shutdown and the blog posting may as well have been a lifetime.

"When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised ... I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party," said Sen. Richard Blumenthal (D-CT) in a letter to Sony on April 26. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised."

Sony would go on to ignore Blumenthal's letter, prompting the junior senator to send another in early May, following the revelation of the even greater scope of the data theft. "Sony's failure to adequately warn its customers about serious security risks is simply unconscionable and unacceptable," he said. "The company should do everything in its power to promote transparency and speed notification in order to protect its users against identity theft and financial fraud."

Reactions

Blumenthal wasn't alone in his outrage, and several other, more senior legislators took the Sony breach, and the Citigroup breach that followed only days later, as a sign that the time had come for Congress to act.

Some could view this as yet another example of Congress nobly striding in to shut the stable door after the horse has already escaped. Nonetheless, there are many in Congress who have held out hope session after session for the establishment of a nationwide data security and breach notification standard. Currently, there's a patchwork of 47 state legal frameworks, but no federal law to supersede these and bind all states to the same standard.

"This is a new cost of business in America," said Sen. John Rockefeller, IV (D-WV), a cosponsor of one of the two bills currently being considered in Congress that would enact a nationwide data security and breach notification standard.

"When criminals break into a database, they can use this information to commit identity theft which can have devastating consequences."

"There's a broad consensus that data security legislation is necessary," he added.
