Sen. Patrick Leahy's bill wins approval

Breach notification and data security are now closer to reality, thanks to the three bills three bills, proposed by Chairman Leahy(D-VT), Senator Blumenthal (D-CT), and Senator Feinstein (D-NH).

The Senate Judiciary Committee approved the bill on Sept 22. The committee’s 10 Democrats voted in favor and its eight Republicans voted against it. Leahy was disappointed that no Republican supported the measures.

About the three bills

As per the three bills, businesses are required to develop data privacy and security plans and set a federal standard for notifying individuals of breaches of sensitive personally identifiable information (SPII).

The Leahy bill

This bill is also known as the Personal Data Privacy and Security Act of 2011,. It is a cyber-security and online-privacy measure introduced to deal with threats from hackers and malicious software.

Three important points about Senator Leahy’s bill:

a.  ‘Data minimization’ provision, requiring businesses to establish a plan to minimize the amount of SPII the business retains and to delete SPII that is no longer needed to fulfil a (unspecified) business purpose or legal obligation.

b. Previous iterations of Leahy’s bill had several sections on government access to commercial data. These have now been stricken off.

c. An important addition during markup was a provision designed to ensure that the CFAA is not used against people who merely violate website terms of service

Is this time any different?

Cyber security bills have been introduced before but not much was done about them. Data breach cases are growing at an exponential speed and hopefully this time is different.

Senator Chuck Grassley and the EFF concerned about the new bills

Here is what Senator Grassley had to say “Americans want and need the Congress to work with private businesses to create jobs,” “However, under this bill, we may end up with more burdensome regulations, small businesses forced into bankruptcy, jobs lost, and consumers still going unprotected because the over-notifications will be ignored.”

EFF and a group of civil liberties organizations and scholars have requested the committee to ensure the CFAA doesn’t punish ordinary computer users who happen to breach terms of use.

Discrepancies in the bill

According to the current bill, government employees who violate employment agreements remain vulnerable to contract-based prosecutions under the CFAA. All computer users should be protected against such charges irrespective of their work place.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.