Network Computing is part of the Informa Tech Division of Informa PLC

Research: Security Issues Alarming But Fixable: Page 2 of 3

David Etue, senior security strategist at Fidelis Security Systems, a security solution provider in Bethesda, Md., says that "the FTC estimates the inadvertent or deliberate extrusion of critical data costs consumers and businesses $50 billion a year," a growing concern that could "threaten the integrity and growth of e-commerce" or even compromise national security.

In a statement released this week, Etue says the FTC and Congress are planning to launch new data privacy legislation during the remainder of this term and into the next one. Etue contends that any new law must be guided by principles, including clear, uniform and comprehensive application -- which applies to public and private organizations and includes authoritative definitions of "personal data" and "identity" -- and national benchmarks that "set a floor of protection, rather than a ceiling."

Etue also argues that such laws should deploy agreed-on best practices and require "vigorous" enforcement and "substantial" penalties for noncompliance.

"Penalties must be designed to encourage compliance that genuinely lessens the risk of private data loss," he writes. "This translates into significant funding; substantial penalties for intentional violations; lesser penalties for unintentional violations; and penalties based on the number of identities disclosed." He also suggests rewarding organizations that do comply and penalizing international violations at a higher rate.

Hopefully, the coming political season will produce the kind of results that make future studies of data security more encouraging. But, as Etue says, "Our economy's needs don't track the electoral calendar. 2007 must be the year for clear, uniform and comprehensive federal data privacy legislation."