Slashdot Mirror

← Back to Stories (view on slashdot.org)

Senate Introduces Strong Privacy Bill

Posted by samzenpus on from the protect-yourself-at-all-times dept.

amigoro writes "US Senators introduced a bill that better protects the privacy of citizens' personal information in the face of data security breaches across the country. Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and making it a crime to intentionally or willfully conceal a security breach involving personal data."

8 of 176 comments (clear)

  1. Fix it the right way by Anonymous Coward · · Score: 5, Insightful

    Why isn't it fixed the right way? If the use of Social Security numbers by non-government agencies was ended then much of this would fix itself. Each company would likely pick a different number/id for each individual and it would partition the information. Then, stealing a single number wouldn't give you access to an entire individual.

    1. Re:Fix it the right way by nasor · · Score: 5, Insightful

      A much better solution would be for companies to simply stop pretending that knowing a social security number somehow magically proves that you are who you claim to be.

  2. Re:A little late isn't it? by mr_matticus · · Score: 5, Insightful

    A few horses are out of the barn, but that doesn't mean someone shouldn't close the gate to keep the rest in.

  3. Won't Stop Hackers, Might Scare Hackees by gbulmash · · Score: 5, Interesting

    I think the more important aspect is the increased penalties for willfully concealing a security breach. Increasing criminal penalties is of varying value. One of the reasons criminals commit crimes is because they think they won't get caught, so whether they risk 2 years in jail or 4 isn't going to matter that much to them.

    But increasing penalties for willfully covering up a data breach may have more effect. As we've seen, bigger breaches cannot be kept secret for long. There are too many ways for them to be ferreted out. Furthermore, the people who would be in a position to conceal a data breach are often people who are more afraid of jail than those who willfully commit crimes like identity theft.

    Of course, what I'd really like to see is a death penalty for spammers.

    - Greg

    --
    Start a happiness pandemic
  4. Make It Cost Prohibitive To Store Too Much PD by Anonymous Coward · · Score: 5, Interesting

    A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.

    For example, your company leaks:

    1) Addresses
    2) SSN
    3) Email addresses

    That will give you three times the liability of a company that leaks:

    1) Address

    Make it financially worthwhile for companies to store the absolute minimum PD necessary to operate their business and to create the incentive to delete all unnecessary data at the earliest opportunity.

    With storage so cheap and the liability for companies or governments essentially divorced from the actual damage done to personal privacy breaches there is absolutely no reason for any company to store every bit of PD about you on their(insecure) systems.

  5. Enforcement, not new laws by imag0 · · Score: 5, Insightful

    I happen to deal with a lot of regulated information (PHI with HIPPA, PCI in some environments as well). One thing that always astonishes me is not that security breaches happen (we're human, things happen), but that there is little to no reported repercussions from those losses.

    It's one thing to have a security breach, but it's another one just to announce it, issue new cards to everyone and keep on working like nothing happened.

    I think the best thing would be that the gov steps up to the plate and actually *enforce* the current laws and not spend our time and taxpayer money to create a new raft of laws that will end up never getting enforced in the first place.

    Cheers,

    imag0

  6. Re:wait a minute, I'm confused by gbulmash · · Score: 5, Insightful

    Isn't this the Republicans domain, increasing privacy?

    Are you being sarcastic?

    The Republicans have always positioned themselves as champions of law and order, and their favorite tool for it is intelligence gathering. Things like the Patriot Act as well as the warrantless wiretapping controversy just prove that out.

    Both parties like to pick and choose which civil liberties they defend and which ones they attack in the name of fighting crime. While the Republicans are big on intelligence gathering at the expense of our right to privacy, the Democrats are big on gun control at the expense of our right to bear arms.

    --
    Start a happiness pandemic
  7. A few horses are but OMG Ponies!!! by Anonymous Coward · · Score: 5, Informative

    This doesn't do a lot for privacy. It still permits widespread snooping, selling of information by commercial entities, etc.

    It does nothing for example to the recent FBI snooping case:
    http://yro.slashdot.org/article.pl?sid=07/01/30/15 8227

    Where the FBI has been found to capturing all an ISP's traffic, then filtering as needed to match the warrants they had. (The argument for that is bogus, if the FBI can do the filtering then the ISP could do the filtering. It's some sort of game to remove the 'minimization' requirement for search warrants.)

    Nothing to stop logging of everything you do. Nothing to stop AOL or Google collecting search information, which as we found can be used to identify individuals:
    http://news.com.com/2100-1030_3-6102793.html

    The gate isn't closed, they're proposing to part close it. Better than nothing, but only a little better.