Shostack + Friends Blog Archive


We want it all, and we want it now

Bob Sullivan provided excellent “mainstream media” ChoicePoint coverage, and is doing some good blogging about breach legislation. From the blog post cited above, it’s clear that Sullivan considers the Act in question to be nigh-on to a total cave-in to industry. That things would have taken this turn is not surprising, but is nonetheless somewhat disheartening, especially since it isn’t enough to suit various lobbies:

The American Bankers Association, American Council of Life Insurers, American Insurance Association, and Securities Industry Association wrote in a joint letter to the committee this week that the bill “establishes an entirely new set of rules for dealing with data breaches and applies them to a broad range of business entities, including” financial services companies.
It “imposes new data protection and consumer notice requirements on all ‘persons,’ which by the bill’s definitional terms includes ‘an individual, partnership, corporation, association, or public or private organization other than an agency,’ ” the groups wrote. “This clearly covers financial services companies.”

American Banker, “Data Bill Gets Partisan OK; Panel Vows Privacy Next”, Nov. 4, 2005
All of the above are considered bad by the aforementioned lobbies, since they have sought to exclude themselves from coverage. I guess one cave-in isn’t enough. Too bad there isn’t a lobby for the 150 million or so folks whose PII remains at risk, and whose states would be precluded from protecting it.
I guess some folks aren’t satisfied unless things go 100% their way.