As the world becomes increasingly digital and more of our sensitive information is stored online, the security of that information has become a major concern to both users and lawmakers. In an attempt to safeguard users’ online info, Sen. Richard Blumenthal and Sen. Al Franken are cosponsoring the Personal Data Protection and Breach Accountability Act of 2011, which Blumenthal introduced to Congress last month.
The bill aims to protect consumers from security breaches and hold companies accountable for any breaches that compromise user info. This would require companies to take specific steps to store and safeguard info, to notify consumers of any breaches, to offer assistance to users after a breach, and to share information about the breach in order to prevent similar data breaches in the future. These regulations would be applied to companies that store online data for more than 10,000 people.
There have been many high-profile data breaches in the last few years, but recent security attacks have prompted an outcry from users and lawmakers. When Sony’s database was compromised this year, up to 101 million user accounts were affected. The case was particularly troubling to Blumenthal, who pressed Sony on details of the breach and questioned reports that the company’s user information was allegedly stored with no security protection.
According to the bill, over 9,300,000 Americans were the victims of identity theft last year. The increase in security breaches is immensely concerning to users and to the government. “Security breaches are a serious threat to consumer confidence, homeland security, e-commerce, and economic stability,” the bill states. It is for this reason that Blumenthal and Franken are eager to require definitive accountability from companies, both morally and monetarily, via hefty fines and possible jail time.
At this time, the bill is awaiting review by the Senate Judiciary Committee. In the meantime, it is up to users to protect themselves and monitor what and how they share information online in the digital age. To avoid becoming the victim of a major security breach, users should be mindful of their online presence and consider the following:
1) Reduce the amount of info you provide online. Avoid providing your phone number, home address, etc., if not necessary (and never provide your Social Security number).
2) Use different passwords and usernames for every account. Also make sure you don’t store username or password information in your browser.
3) Use “dummy” email addresses. Set up a separate email account to use for marketing purposes or mailing lists and a separate account for your personal correspondence.
4) Keep security software updated. This will prevent hackers from lifting info straight off your computer.

Have there been any updates to this bill? Is it moving forward?