Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Proposed AZ data-theft bill has critics

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Proposed AZ data-theft bill has critics
Date: Wed, 26 Apr 2006 02:18:14 -0500 (CDT) 
http://www.azstarnet.com/dailystar/business/126149

By Scott Simonson 
arizona daily star 
Tucson, Arizona 
04.25.2006

If a hacker steals your bank card number in Arizona, there's no state
requirement that your bank or a merchant involved notify you.

That could change if Gov. Janet Napolitano signs a bill passed by the
Legislature last week.

Consumers Union, the non-profit group that publishes Consumer Reports
magazine, has criticized the proposed law as ineffective.

Arizona's law would allow companies to decide whether a
computer-security breach is serious enough to deserve a consumer
warning, said Gail Hillebrand, who heads Consumers Union's financial
privacy campaign.

"Who's going to decide?" she said. "It's going to be the company who
failed to protect your data."

Currently, Arizona receives much of its information about thefts of
computer data from California, said Andrea Esquer, spokeswoman for
Arizona Attorney General Terry Goddard. California requires all
companies to report stolen information.

In 2003, California passed the first U.S. law requiring customer
notification of breaches in companies' computerized data.  At least 10
other states have followed suit, said Hillebrand.  Arizona's bill
differs from California's in two important ways, she said.

California requires companies to report any security breach,
Hillebrand said.

Under the Arizona legislation, only breaches that "materially
compromise" people's information must be reported.

Depending upon how that language is interpreted, companies may be
allowed to choose whether to tell consumers, Hillebrand said.

Arizona's law also exempts banks, hospitals and some government
agencies. California's law requires all companies to report problems.

As of Monday, Napolitano had not acted on Senate Bill 1338, said Shilo
Mitchell, spokeswoman for the governor.

The sponsor of the Arizona bill, Sen. John Huppenthal, R-Chandler,
could not be reached for comment on Monday.

Rep. Marian McClure, R-Tucson, helped sponsor the bill in the House
but said that consumers should be told about all computer security
breaches.

Senate Bill 1338 represents a step in the right direction, she said,
although she introduced a stronger bill that failed earlier in the
session.

"A consumer should have a right to know that the information has been
stolen," she said, "to make sure who stole that information cannot
steal my identity."

Consumer notification might help, but better enforcement and better
information sharing are crucial, according to a Tucson couple who have
been victims of identity theft.

Elisabeth and Stephen Kling- ler have discovered that three other
people have been using his Social Security number.

The Klinglers traced some of the thefts to other states, but law
enforcement has not investigated, Elisabeth Klingler said.

The identity thefts have caused incorrect information about their
credit to be reported to data brokers - businesses that collect
people's information and sell it to other companies.

The Klinglers said consumers need better laws to help clear false
information from the files that companies keep.

The bad information has hindered them in buying a cell phone and
taking out a store credit card, Elisabeth Klingler said, and it could
one day affect their ability to buy another home.

"We're kind of giving up hope," she said. "It would take a lifetime to
get the information corrected."


What the bill says

* Senate Bill 1338 would require businesses operating in Arizona to
  notify customers if a computer-security breach compromises their
  personal information.

* Companies that do not notify customers could face fines from the
  state attorney general.

* Government agencies would face the same requirements. The proposed
  law would not apply to banks, hospitals, health insurance companies,
  law enforcement agencies or courts.


Data thefts

* Some of the largest reported thefts of customer data since March
  2005, according to ChoicePoint Asset Co.:

Disclosed by Date Customers affected
 
Bank of America February 2005 1.2 million*

DSW shoes March 2005 1.4 million

Ameritrade April 2005 200,000

Bank of America, Wachovia, other banks April 2005 680,000

CitiFinancial June 2005 3.9 million

MasterCard June 2005** 40 million

OfficeMax February 2006 200,000

* data of federal employees only

** related to security breach at CardSystems Solutions Inc. service
   center in Tucson



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Proposed AZ data-theft bill has critics, InfoSec News <=
Previous by Date:  [ISN] Four Months Later, In-Q-Tel Again Needs New CEO, InfoSec News
Next by Date:  [ISN] LexisNexis finds disclosure meant less pain in data theft, InfoSec News
Previous by Thread:  [ISN] Four Months Later, In-Q-Tel Again Needs New CEO, InfoSec News
Next by Thread:  [ISN] LexisNexis finds disclosure meant less pain in data theft, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]