Cyber Security News Wrap-up for November 2009: Data privacy, NSA, Linux, Power Grid
H.R.2165 – Bulk Power System Protection Act of 2009
To amend Part II of the Federal Power Act to address known cybersecurity threats to the reliability of the bulk power system, and to provide emergency authority to address future cybersecurity threats to the reliability of the bulk power system, and for other purposes.
S.1490 – Personal Data Privacy and Security Act of 2009
A bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information
http://www.pcworld.com/article/181549/senate_panel_approves_databreach_notification_bills.html
The U.S. Senate Judiciary Committee has approved two bills that would require organizations with data breaches to report them to potential victims.
The Judiciary Committee on Thursday voted to approve both the Personal Data Privacy and Security Act and the Data Breach Notification Act by large majorities.
The Data Breach Notification Act, sponsored by Senator Dianne Feinstein, a California Democrat, would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information “has been, or is reasonably believed to have been, accessed, or acquired.”
Feinstein’s bill would also require agencies and businesses to report large data breaches to the U.S. Secret Service
The Personal Data Privacy and Security Act would also require that organizations that maintain personal data give notice to potential victims and law-enforcement authorities when they have a data breach. It would increase criminal penalties for electronic-data theft and allow people to have access to, and correct, personal data held by commercial data brokers.
The second bill, sponsored by Senator Patrick Leahy, the Judiciary Committee chairman and a Vermont Democrat, would also require the U.S. government to establish rules protecting privacy and security when it uses information from commercial data brokers.
Several tech groups have called for the U.S. Congress to pass national data-breach notification legislation. Since a series of high-profile data breaches in early 2005, about 45 states have passed data-breach notification laws.
It’s difficult for companies to comply with the separate state laws, officials from cybersecurity product vendor Symantec have said.
Symantec CEO Enrique Salem sent a letter to the committee Wednesday in support of the Leahy data-breach bill.
The Leahy bill “is a major step forward towards enacting a comprehensive, uniform national framework to better prevent breaches of sensitive consumer information as well as setting a clear standard for effective notification should a breach occur,” Salem wrote.
Symantec supports the bill’s language saying that if personal data is encrypted or otherwise rendered unusable, organizations don’t have to report the data breach, the letter said. The committee has recognized “there are widely accepted industry best practices and standards for data security that companies can look to as a road map for compliance when protecting electronic data,” Salem wrote.
The Business Software Alliance, a trade group, also praised the committee for approving both bills.
“In recent years, hundreds of millions of individual records containing sensitive personal information have been involved in computer security breaches,” BSA President and CEO Robert Holleyman said in a statement. “The frequency and severity of data breaches have prompted more than 45 states to pass data security laws, creating a confusing patchwork quilt of regulations.”
Both bills now head to the full Senate for votes. The timeline for action in the Senate is unclear.
Duration : 0:5:27
Incoming search terms for the article:
- cons of S 1490: Personal Data Privacy and Security Act of 2009
- fema online banking theft
- identity theft facts about identity theft identity theft punishment report identity theft identity theft protection identity theft prevention
- S 1490 - Personal Data Privacy and Security Act of 2009
Cyber Awareness: Identity Theft & Phishing
Defining and solving 10 illegal acts on identity theft and information security by 16,000 federally insured banks, savings institutions and credit unions. Illegal acts include identity theft in the form of fake web sites, email spam, and phishing, plus deceptive privacy statements, violations of consumer protection laws, and violations of Sarbanes-Oxley and SEC rules.
Duration : 0:9:21
P2P Filesharing, Peer to Peer Hacking for Identity theft www.IDTheftSecurity.com
http://www.IDTheftSecurity.com P2P compromises data and privacy. Learn to protect your PC from hackers and increase data security
Duration : 0:4:7
Cyber-Security and Privacy @ UC Irvine
The Center for Cyber-Security and Privacy focuses on the importance of security and privacy in our increasingly computerized life. This importance of security and privacy is evident in the prevalence of major news stories about identity theft, privacy-eroding legislation and industry practices, spam, phishing, worms and viruses. The Center aims to develop feasible and effective remedies that are legally permissible and enforceable, and understandable and acceptable for computer users.
Duration : 0:3:50