Content

Industry, law enforcement must team up to stop breaches

Government agencies, financial services companies, data aggregators, and other firms must do a better job combatting identity theft, according to an IT industry group.

The Information Technology Association of American (ITAA) released a plan yesterday encouraging organizations to work together to fight data breaches and strengthen the security and privacy of customer data.

"Consumers should not have to worry about their information getting into the hands of identity thieves and other criminals," said ITAA President Harris Miller in a statement. "People have a reasonable expectation that information they disclose on a credit application or for other purposes will be treated responsibly and that their right to privacy will be protected."

The ITAA is pushing for the improvement of law enforcement powers and enhanced notification of affected individuals when breaches do occur. Its plan calls for a national breach notification law and better cooperation between industry groups and law enforcement.

In addition, a national law enforcement effort that increases penalties for internet thieves must be implemented, according to ITAA's six-point strategy. The group's plan also encourages data aggregators and other companies to develop strong IT security processes and adopt new security tools.

According to the ITAA, the onus falls to both private sector companies and government agencies storing critical customer data to ensure they have a meaningful security policy, supported by properly deployed security solutions to enhance authentication and vetting processes. Further, a set of best practices, policy standards and educational initiatives should be undertaken by all affected industry players.

"The ITAA plan ... promotes the adoption of best practices to address the root cause of identity theft rather than just treating the symptoms. The only way that these best practices can work is if they are implemented in concert with legislation through law enforcement," said Christine Crandell, vice president of marketing at IPLocks. "[It] implements the necessary elements of people, process and technology so that organizations can implement robust information security to effectively deter these breaches."

www.itaa.org

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.