Earlier this month, the U.S. House of Representatives passed the Data Accountability and Trust Act, H.R. 2221, the first step toward a comprehensive national data breach notification law. As I wrote in the news story, if the U.S. Senate can reconcile the bills proposed there with the House version, a new federal data breach standard will emerge.
At least one reader wasn’t so sure, however, that any federal data breach notification law is worth the paper it’s printed on without enforcement:
“The point never discussed with this or any other law, process or procedure is that without assertive enforcement – active, visible and without remorse – this initiative will be of no more use than any of the others currently enacted. At best, a paper tiger. At worst, a smoke-screen that protects the guilty and places the innocent at even greater risk.
The concept of burying a problem under mountains of paper (or rhetoric) has long been demonstrated to be no answer to the issues and real dangers facing today’s and tomorrow’s world.”
-Ken Bumgarner, IWWIT, U.S. Consultant, Senior Systems and Security Engineer, Information Security Department, National Information Center, Ministry of Interior, Riyadh, Kingdom of Saudi Arabia
I’ve written in the past about enforcement of data protection laws, specifically with regard to the amended Massachusetts data protection law. The enforceability of a regulation is critical to its passage and success, as are meaningful penalties. Even more important, in this writer’s opinion, is the likelihood that enforcement will actually happen.
Thanks to Mr. Bumgarner for writing in.