Shostack + Friends Blog Archive

Joseph Ansanelli, Brad Smith on Privacy Law

The [Stearns] bill would also require companies to notify not just consumers of a breach, but also the F.T.C., which would then be permitted to audit the company’s security program.

“But it needs better enforcement language,” said Joseph Ansanelli, the chief executive and co-founder of Vontu, an information security company in California, who has frequently testified before Congress on issues of consumer privacy protection.

Mr. Ansanelli says the biggest problem with data security is the patchwork of laws governing too many narrowly sliced industries and too many different situations, when it is really all about the data.

From “Data Security Laws Seem Likely, So Consumers and Businesses Vie to Shape Them” in the New York Times. Meanwhile, Chris Hoofnagle tells us that Microsoft is going to come out in favor of (shaping) a privacy law in “Microsoft: We Want Privacy Law.”

I think both Joseph’s and Chris’ comments are spot on. Also, central notice and tracking of these incidents is quite important.

We’ve previously covered new laws in “Business lobbies engage in rent-seeking. Masses not moved. Film at 11.,” “ Sessions Bill/Breach Monday,” “The hand is quicker than the eye” and “Adding Silent Insult to Injury (Senator Sessions’ ‘privacy’ act),” amongst other posts.

Originally published by adam on 3 Nov 2005
Last modified on 3 Nov 2005
Categories:   information security   privacy   Uncategorized