Shostack + Friends Blog Archive


Joseph Ansanelli, Brad Smith on Privacy Law

The [Stearns] bill would also require companies to notify not just consumers of a breach, but also the F.T.C., which would then be permitted to audit the company’s security program.

“But it needs better enforcement language,” said Joseph Ansanelli, the chief executive and co-founder of Vontu, an information security company in California, who has frequently testified before Congress on issues of consumer privacy protection.

Mr. Ansanelli says the biggest problem with data security is the patchwork of laws governing too many narrowly sliced industries and too many different situations, when it is really all about the data.

From “Data Security Laws Seem Likely, So Consumers and Businesses Vie to Shape Them” in the New York Times. Meanwhile, Chris Hoofnagle tells us that Microsoft is going to come out in favor of (shaping) a privacy law in “Microsoft: We Want Privacy Law.”

I think both Joseph’s and Chris’ comments are spot on. Also, central notice and tracking of these incidents is quite important.

We’ve previously covered new laws in “Business lobbies engage in rent-seeking. Masses not moved. Film at 11.,” “ Sessions Bill/Breach Monday,” “The hand is quicker than the eye” and “Adding Silent Insult to Injury (Senator Sessions’ ‘privacy’ act),” amongst other posts.

One comment on "Joseph Ansanelli, Brad Smith on Privacy Law"

  • beri says:

    As a reader of this blog with very limited understanding of the technical discussions, i observe that there doesn’t seem to be a national or even regional concern on the part of the consumer about the complete lack of privacy and the ease with which unauthorized persons can gain access to everyone’s information.
    I understand that the REpublicans have been all too successful in waving the red flag of “terrorism” in front of people; is that the only reason people refuse to be concerned about this issue?
    It’s obvious from the post that slicing the issue into tiny bits is industry’s way of avoiding responsibility.
    what can be done to make people care about this issue, which has critical implications for health care privacy, not to mention identity theft.

Comments are closed.