IT Security & Network Security News & Reviews: Data Breaches Add Urgency to Demands for Security Code of Conduct

By Fahmida Y. Rashid  |  Posted 2011-05-26
Millions of consumers are put at risk each year as companies lose control of personal data, according to Consumer Reports. Lawmakers in Congress have been discussing data security, and the Obama Administration has proposed a federal data breach notification law to somewhat standardize what organizations have to do in the wake of a data breach. Sen. Richard Blumenthal (D-Conn.) criticized Sony executives for the "egregious inadequacy" of their efforts to notify customers about the April data breaches. "When a data breach occurs, it's essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised."

Recent studies have shown that organizations that are subject to PCI, HIPAA (Health Insurance Portability and Accountability Act) or HITECH (Health Information Technology for Economic and Clinical Health) Act requirements generally have many data protection measures in place. While individuals can take steps to protect themselves, such as using strong passwords and not reusing them across sites, only the companies asking for the data can prevent data breaches in the first place.

Consumer Reports came up with a "Code of Conduct" that companies should follow to be "better custodians of their customers' data." To create this slide show, eWEEK spoke to security industry experts to flesh out the original Consumer Reports list.

Prompt Notification: What Sony Didn't Do

Companies should disclose the breach swiftly if names and identifying information such as Social Security numbers and passwords are exposed.