“Whenever industry fails to self-regulate, government will fill the void with legislation.” You can quote me on that.
Currently, the security industry fights a war on many fronts. On one end of the spectrum, we have industry regulations, such as PCI DSS, which mandates how credit card/payment card information is secured. On the other end, we have government regulations, such as CIPA (Children’s Internet Protection Act) or HIPAA (Health Insurance Portability and Accountability Act), which regulate data protection for schools, libraries and health care providers.
Now, we face one of the largest government acts of its kind, the “KerryDraft – Privacy Bill of Rights.” It is not law yet, but should it become law, businesses and consumers will see broad and sweeping changes to how consumer data is managed and protected.
Here are the key tenets of the Privacy Bill of Rights:
• Right to Security and Accountability
• Right to Notice and Individual Participation
• Right to Purpose Specification; Data Minimization; Constraints on Distribution; Data Integrity
• Voluntary Enforceable Codes of Conduct Safe Harbor Programs
• Co-Regulatory Safe Harbor Programs
• Application with other Federal Laws
Obviously, this is a lot to digest for businesses and consumers. Here, I will break these points out in greater detail and provide in-depth analysis and commentary so that you can better understand the impact of this Act.
A year ago, Senators Kerry and McCain would have faced an uphill battle in pushing this legislation forward, but given the latest high-profile security fumbles (need I say Epsilon?), this Act may very well become the next big regulatory change for the industry. Stay tuned!