IT Security & Network Security News & Reviews: Data Breaches Add Urgency to Demands for Security Code of Conduct
Millions of consumers are put at risk each year as companies "lose control of personal data," according to Consumer Reports. Lawmakers in Congress have been discussing data security, and the Obama Administration has proposed a federal data breach notification law to somewhat standardize what organizations have to do in the wake of a data breach. Sen. Richard Blumenthal (D-Conn.) criticized Sony executives for the "egregious inadequacy" of their efforts to notify customers about the April data breaches. "When a data breach occurs, it's essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised." Recent studies have shown that organizations that are subject to PCI, HIPAA (Health Insurance Portability and Accountability Act) or HITECH (Health Information Technology for Economic and Clinical Health) Act requirements generally have many data protection measures in place. While individuals can take steps to protect themselves, such as using strong passwords and not reusing them across sites, only the companies asking for the data can prevent data breaches in the first place. Consumer Reports came up with a "Code of Conduct" that companies should follow to be "better custodians of their customers' data." To create this slide show, eWEEK spoke to security industry experts to flesh out the original Consumer Reports list.