A series of high-profile data leaks last year in the U.S. sparked a flurry of activity in Congress and it seemed as if a much-needed national law would be passed at any moment, or at least in early 2006. However, recent events raise doubts as to whether the problem will be regulated by the end of this year. According to expert opinion at InfoWatch, business circles are intentionally delaying the adoption of a law on data leaks so that they don’t have to pay fines for their carelessness.
More than a year has passed since the biggest leaks in the history of the U.S. – the theft of private data from the companies ChoicePoint and LexisNexis. However, Congress is still trying to come to an agreement on what exactly a federal bill on leaks should look like. Time is quickly running out and it is looking more and more likely that Congress will fail to pass a national law on the issue this year.
There are currently 10 draft bills on data leaks being considered by legislators today, some of which data back to early 2005. Each of them have there own particular nuances related to when exactly a company that has leaked information ought to notify the victims and whether those victims can freeze their bank accounts following a leak.
As well as those bills being considered by Congress, five House Committees have put forward their own draft laws on data leaks. One gets the impression that “concern” about the security of people’s private data has become so popular among U.S. politicians that practically every faction is trying to get a slice of the pie to increase their ratings. In any case, it is difficult to see how Congress can decide between 10 separate, but very similar bills.
It is a very different situation from the end of 2005 when the adoption of a data leakage law seemed imminent. Even ChoicePoint, which lost $55 million as a result of a leak, backed the idea of a federal bill to replace the various laws in over 20 states.
At the current time, two bills have already passed through Senate committees and are expected to be heard along with two other draft laws in the Senate. However, less and less senators are confident of seeing a data leakage bill passed this year. On Oct. 6 the Senate plans to wrap up its legislative work to give its members time to prepare for the November election campaign. In reality, however, many politicians will end their work in August and national issues such as immigration and energy resources are higher up the priority list. By the time Congress starts its work again in January all the bills will have to be presented once again.
Therefore, it appears that while Congress is deliberating a host of bills, companies will continue to suffer from the huge number of local laws that only regulate data leaks on the territory of one particular state.
“The legislation process ground to a halt at the beginning of the year when business circles pushed forward several obviously soft bills that protected the interests of companies more than those of consumers. Naturally, the public spoke out against those toothless bills and they never made it into federal law. Since then there has been little or no progress and all the signs suggest we will have to wait until spring of 2007 for that long-awaited law on data leaks,” says Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld