Proposed Law Demands Federal Agencies Just Do Something About Data Breaches

from the looking-out-for-us dept

Tue, Sep 26th 2006 10:33am — Joseph Weisenthal

In the wake of the embarrassing laptop thefts at the VA and the Census Bureau, it was only a matter of time before some politician moved to pass a law to "do something" about the problem. Politicians, of course, love to appear as if they're doing something to help right past wrongs, so it's almost surprising that it took until now for Rep. Tom Davis to introduce the Federal Agency Data Breach Protection Act. You'd think with a name like that, the law would actually try to solve the data breach problem, but again, it's all about appearance. If you actually read the bill (.pdf), you'll see that there's nothing substantive in it; it's just a call for agencies to develop guidelines to deal with the problem. If federal agencies actually needed a law to spur them to develop guidelines, that's depressing. What's more likely is that the whole thing was cooked up to make Tom Davis, and whatever other Representatives sponsor the bill, look good during election season.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

5 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

PhysicsGuy, 26 Sep 2006 @ 11:29am

well...
what the agencies need is a law that has serious consequences if there is a data breach. what the consequences would be i'll leave up to the law makers and your imagination.
[ link to this | view in thread ]
PhysicsGuy, 26 Sep 2006 @ 11:30am

Re: well...
i should clarify, no serious consequences if the data is on a network and breached by hackers or anything of the sort. i mean, consequences if they commit a "put my personal information on a laptop and leave it on a park bench" type breach...
[ link to this | view in thread ]
Anonymous Coward, 26 Sep 2006 @ 11:54am

Re: Re: well...
Uh, I disagree.

I fthey cant be bothered to secure their networks, they are just as guilty as leaving a laptop on a park bench.

Security is not a one-step process
[ link to this | view in thread ]
anonymous coward, 26 Sep 2006 @ 2:06pm

employee and immediate supervisor are terminated, agency head loses one full month of pay/benefits, and the agency has $10K reduced from its next year's budget for each name exposed.

problem solved.
[ link to this | view in thread ]
PhysicsGuy, 26 Sep 2006 @ 6:21pm

Re: Re: Re: well...
and if an previously unknown exploit is discovered and the admin hasn't been able to accomodate for it? sure, if thousands of identities get stolen through a netbios hack then yes, the admin messed up... but this isn't always the case.
[ link to this | view in thread ]