Congress’ Double-minded View of Data Security
I wrote a few weeks ago about the incredible abuses of data perpetrated by the Governor of Arkansas and the Chicago Elections Board. So, I just had to shake my head when I read Jim Rapoza’s column in eWeek.
Raposa calls out the schizophrenia that appears to be affecting Congress with the introduction of the Personal Data Privacy and Security Act of 2007 which is designed to provide prompt notification to victims when data breaches occur and to make companies accountable for the lack of security that may have led to the breach (think a national version of California SB 1386).
The flip side of this is Rep. Lamar Hunt’s Safety Law. It’s intent is to stop adults who exploit young people over the Internet. However, the law, if passed, would require ISPs and possibly every Web site to store all the data of Internet users just in case its needed in a future court case. There would potentially be no maximum time limit for this data to be retained. There’s even a possibility that this law could allow this data to be used for civil legal actions. Can you imagine the potential ramifications of that? Employers scouring over employee Internet use. Divorce cases with Internet activity disclosed.
Ironically, this same Rep. Smith was also the sponsor of the Telephone Records and Privacy Protection Act of 2006, which protects phone records and make pretexting illegal.
A reasonable balance needs to be found between individual privacy and the need to retain certain data necessary to identify illegal activity. But is Congress, with all of the various special interest groups pandering to them, the right people to find this balance?