IT Security & Network Security News & Reviews: Data Breaches Add Urgency to Demands for Security Code of Conduct

By Fahmida Y. Rashid  |  Posted 2011-05-26
Prompt Notification: What Sony Didn't Do

Companies should disclose the breach swiftly if names and identifying information such as Social Security numbers and passwords are exposed.
Millions of consumers are put at risk each year as companies "lose control of personal data," according to Consumer Reports. Lawmakers in Congress have been discussing data security, and the Obama Administration has proposed a federal data breach notification law to somewhat standardize what organizations have to do in the wake of a data breach.

Sen. Richard Blumenthal (D-Conn.) criticized Sony executives for the "egregious inadequacy" of their efforts to notify customers about the April data breaches. "When a data breach occurs, it's essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised."

Recent studies have shown that organizations that are subject to PCI, HIPAA (Health Insurance Portability and Accountability Act) or HITECH (Health Information Technology for Economic and Clinical Health) Act requirements generally have many data protection measures in place. While individuals can take steps to protect themselves, such as using strong passwords and not reusing them across sites, only the companies asking for the data can prevent data breaches in the first place.

Consumer Reports came up with a "Code of Conduct" that companies should follow to be "better custodians of their customers' data." To create this slide show, eWEEK spoke to security industry experts to flesh out the original Consumer Reports list.
