Debate

October 18, 2006

FOR, by Marne E. Gordon

If the primary purpose of government is to protect its citizenry, then federal agencies should be held to the same standard, if not a higher one, than the private sector when it comes to information security and protection of non-public personal information.

When the Government Reform Committee released its Federal Computer Security score card for 2004 to Congress, the average agency scored a dismal D+.

It is also grossly hypocritical for government to impose infosec regulations on the industries it regulates when the government itself is unable to hold itself to the same standards.

Finally, the government stores the most sensitive personal information, yet citizens cannot ask this information to be withheld. Serving as the repository for this information sets the government up as a target for ID thieves.

Therefore, government owes a duty of care to individuals to protect this information from theft, misuse and harm. The government must hold itself to a very high standard of protection for sensitive data.

 

AGAINST, by Kristin Gallina Lovejoy

Instead of approaching the question of privacy as one regarding the right of the individual within a broader social context, we have mandated that specific segments of the market regulate specific types of data (i.e., health and credit information) used under certain conditions.

Today, state governments, as well as industry groups, recognize the deficiency and have been busily passing a patchwork of disclosure mandates.

To heck with debates on federalism vs. states-rights and the free market. Our house is burning and we are checking batteries in the smoke detector. What we need is passage of an omnibus information protection framework at the federal level based on common definitions of privacy, identity and protected information. We need an omnibus protection act that not only institutes a requirement for the kind of information organizations must disclose and when, but implements a "good governance model" for all businesses collecting protected information that allows a consistent, pragmatic approach to control.

prestitial ad