The administration’s Consumer Privacy Bill of Rights includes as one of those rights
data security, the principle that consumers have the right to expect that their data would
be kept in a secure manner. Data breach notification is an important part of it.
Data breach notification issue is really the first stab in trying to address a broader
problem and the underlying question is: How do you provide sufficient incentives to encourage
companies to provide robust security? And we do a lot of investigations into data breaches
and what’s interesting about this is that most companies, that are the stewards of personal
data, sensitive data, do a very good job. And when they are breached, they are breached
because there is a very sophisticated hacker there who has managed to overcome relatively
sturdy defenses. On the other hand there are some companies, global companies, they are
stewards of sensitive personal information, that don’t do a good job. And the question
is how to provide sufficient incentive that they do a better job? Or put differently:
how do you provide sufficient disincentives for them not to keep security up to date?
One theory is robust data breach notification laws providing disincentives to having weak
security. You do not want to be the company to have to send the letter out saying: “By
the way your social security number, your bank account information, the information
on your health status and also other pieces of information were breached and, tough, you
know, try to protect yourself if you can.” And so there is a correlation between data
breach notification, which is what the proposal really embodies, and creating these disincentives.
There are broader questions about whether there are better or more targeted ways to
do that. We have been debating that issue in the United States for quite some time and
frankly we don’t have a really great answer for our colleagues in DG Justice but those
are the issues they are trying to disentangle and we want to work collaboratively with them
because these are hard questions with no easy answers.