Network Computing is part of the Informa Tech Division of Informa PLC
The Politics of Infosec
These aren't isolated cases. In a recent survey by Deloitte & Touche, Harris Interactive and Privacy & American Business, 20 percent of respondents said they've been the victim of identify fraud or theft. That response, from a representative sample of the U.S. population, suggests a total of 44 million victims nationally. The FTC puts the number at 10 million, but even so, it estimates annual damages at $5 billion for individuals and $48 billion for businesses.
Any problem that inflicts such damage is bound to invite political intervention, and momentum is building for U.S. legislation akin to the data-protection laws in Canada, Europe and Japan. Under a bill introduced last month by Sens. Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.), companies that store information on more than 10,000 people would have to create formal programs to train employees in security practices, perform vulnerability tests and ensure that third-party service providers have adequate security. Consumers would get regular access to their data files so they could make corrections. Under a similar plan backed by Sens. Charles Schumer (D-N.Y.) and Bill Nelson (D-Fla.), an office of identity theft would be created within the FTC, funded at $60 million a year for five years.
While $60 million may sound like a bargain to solve a $50 billion problem, consider the funding and red tape already behind the Health Insurance Portability and Accounting Act, Graham-Leach Bliley Act, Fair Credit Reporting Act, Driver's Privacy and Protection Act and the myriad other federal and state acts of good will that ostensibly protect privacy and ensure information security. The FTC Act, which prohibits "unfair or deceptive acts or practices in or affecting commerce," served as the legal grounds for the infosec actions against BJ's Wholesale and four other companies. Do we need yet another layer of regulations?
A better next step would be to extend nationwide a California law requiring companies to notify customers whenever personal information is believed to be compromised. Faced with the public embarrassment of such national disclosures, companies will get their infosec acts together, while immediate notification of security breaches will let those affected head off fraud.
Recommended For You
Making the jump from outdated legacy technology to a more modern digital infrastructure will allow businesses to innovate at the speed and scale needed in today’s marketplace.
The business world is speeding up. The longer IT leaders wait to get their needs met, the more at risk their businesses and their jobs will be.
By arming SD-WAN networks with end-to-end intelligence, analytics-driven predictions, and predictive automation solutions, IT teams can simplify infrastructure management and assure higher levels of quality experiences for users.