FEDERAL VERSUS STATE LEGISLATION: WHICH WILL ENACT THE BEST DATA PROTECTION BILL FIRST?

The battle is on and so far the states are making the federal government and Congress look like amateurs. If it hadn’t been for California’s Security Breach Information Act (SB 1386), the ChoicePoint loss of 163,000 personal records would never have been acknowledged. Minnesota’s Data Retention Law (H.F. No. 1758) is taking it a couple of steps further requiring some sensitive data to be deleted after 48 hours, and for businesses who drop the ball on information security to pay some of the costs of consumer data theft. See the article Privacy and Security Law Blog. There are currently five more states considering the adoption of similar laws. Great job, but we’re not there yet. Both the states and the federal government are ignoring—could this be business pressuring Congress?—the only approach to solve the identity crisis: Grant control over our names and private information to the individual. InfoWorld did a recent piece on Cyber Security Industry Alliance’s (CSIA) goading of the feds to move faster on this issue. CSIA is an international organization working with top world information security providers to help ensure consumer privacy, among other goals. Members include IBM, Symantec and Vontu. The group has chastised Congress for “passing the political football” and not getting the job done of protecting your privacy. That’s a nice way of saying our representatives in Washington are inept at their jobs. So what’s the answer? State or federal legislation…which is better? It is obvious that federal legislation would simplify the whole process for both consumers and business, rather than 50 different state laws. However, there are as of this posting 39 states that have passed security breach laws, according to Consumers Union. That said, the “inept bunch” doesn’t appear to be able to get any data breach bill passed, much less one that gives individual control over sensitive data. As a result, some brave, non-business-fearing state must come forward and do the right thing, which hopefully would show Congress how to do it. I’m working on Arizona. I hope you will do the same with your state, and please let me know if I can be of any support. E-mail me at: jack.dundiv@cox.net.