Content

Federal law needs to cover everyone

Certainly, California's SB1386 has played no small role in publicizing exposures of personally identifiable information, but it applies only to organizations conducting business in California and the state's government agencies. The U.S. Government Accountability Office's public reports do release information about agencies doing a less than stellar job with their security controls (no taxpaying citizen can forget how the Internal Revenue Service exposed their data to potential ID theft through a myriad of security holes earlier this year). And, of course, the annual FISMA report card shows just how well (or not) the government is doing in implementing much needed security controls across its vast and diverse systems.

But public disclosures about federal agencies' blunders when dealing with citizens' personal data are sporadic – certainly not hitting news outlets as much as stories regarding private companies' security gaffes. So why is it that they are excluded from some of the proposed ID theft bills bandied about on Capitol Hill?

According to this month's cover story, this stems from time-consuming complexities arising from trying to reconcile proposed ID theft mandates with post 9-11 legislation. That is, some in Congress want to make sure there are no conflicts between new privacy legislation and existing 9-11-related laws. Yet there seem to be no issues with adding more rules for private companies to follow.

I've advocated in past columns that a federal privacy law would be the appropriate action for lawmakers to take – especially if it enlists security standards already set forth in other laws, such as GLBA. But what is distressing is the possibility that the same privacy demands to which private corporations could be held may not be applied to federal agencies. They too store just as much data about individuals and, Patriot Act or not, should be accountable for preventing its compromise.

If these entities and private groups take steps to implement the proper security mechanisms, they could find themselves nominated in the SC Global Awards 2006. The event honors professionals, from CSOs and IT security teams to vendors whose products readers can't live without. To nominate products, people and more, please visit www.scawards.com.Illena Armstrong is the U.S. editor

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.