A "Cost of Doing Business" Thing: After Another Round of High-Profile Breaches, Congress Takes a Shot at National Data Security Standards

By Barron, Jacob | Business Credit, July-August 2011 | Go to article overview

A "Cost of Doing Business" Thing: After Another Round of High-Profile Breaches, Congress Takes a Shot at National Data Security Standards


Barron, Jacob, Business Credit


[ILLUSTRATION OMITTED]

In April and May, Sony experienced one of the largest data security breaches in history.

More than 100 million users had their data compromised, data that included identifying information like names, birth dates and at least some partial financial information and payment card details. Originally, Sony announced that cyber-attacks taking place on April 17 and April 19 had spilled data from 50-75 million accounts out into the open, only later adding another 24.6 million accounts to that grand total following an additional breach in early May.

While the breach itself was big news, especially with a grand total of compromised users that was twice that of the famed 2007 TJX breach, in which nearly 46 million customers had their data stolen, what was even bigger news was Sony's response to the network intrusion.

Sony shutdown the compromised network on April 20, and, a little less than a week later, issued an email and a blog posting notifying customers that there was a breach, that an unauthorized assailant had obtained users' names, addresses, countries, email addresses, birthdates, passwords and logins, and that while there was no evidence that credit card data had been taken, Sony could not "rule out the possibility."

A little less than a week doesn't sound like that much time in the scheme of things, but in terms of data breaches, the six days between the intrusion and shutdown and the blog posting may as well have been a lifetime.

"When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised ... I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party,' said Sen. Richard Blumenthal (D-CT) in a letter to Sony on April 26. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised."

Sony would go on to ignore Blumenthal's letter, prompting the junior senator to send another in early May, following the revelation of the even greater scope of the data theft. "Sony's failure to adequately warn its customers about serious security risks is simply unconscionable and unacceptable" he said. "The company should do everything in its power to promote transparency and speed notification in order to protect its users against identity theft and financial fraud'

Reactions

Blumenthal wasn't alone in his outrage, and several other, more senior legislators took the Sony breach, and the Citigroup breach that followed only days later, as a sign that the time had come for Congress to act.

Some could view this as yet another example of Congress nobly striding in to shut the stable door after the horse has already escaped. Nonetheless, there are many in Congress who have held out hope session after session for the establishment of a nationwide data security and breach notification standard. Currently, there's a patchwork of 47 state law legal frameworks, but no federal law to supersede these and bind all states to the same standard.

"This is a new cost of business in America,' said Sen. John Rockefeller, IV (D-WV), a cosponsor of one of the two bills currently being considered in Congress that would enact a nationwide data security and breach notification standard.

"When criminals break into a database, they can use this information to commit identity theft which can have devastating consequences."

"There's a broad consensus that data security legislation is necessary," he added. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

A "Cost of Doing Business" Thing: After Another Round of High-Profile Breaches, Congress Takes a Shot at National Data Security Standards
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.