Calls Rise for Federal Data-Privacy Law

Publish date:

Washington — A Sony executive told Congress last
week that the company
would welcome a federal
law on data security and
notification, one that would
supersede 46 state laws on
the subject.

He spoke to a welcoming
audience, with legislators
on both sides of the
aisle making clear that legislation
was needed ASAP
to set ground rules for how
content companies and
broadband networks protect
customer data — that’s
particularly true of personal
information, and when
providers must notify customers
when those protections

Sony and e-mail marketing
firm Epsilon were
on the hot seats in a House
Commerce subcommittee
hearing about online data
breaches, and the need for
a federal standard of online
customer data care.


The issue of online privacy and data protection is one of
the hottest topics in Washington. The administration recently
released a package of recommendations on new data-
security laws, including better notification, enforceable
voluntary steps by industry, and sharing more information
with law enforcement.

Subcommittee chair Mary Bono Mack (R-Calif.) said she
was working on legislation that would set a federal standard.

It would include requiring companies that hold personal
information to establish security procedures for protecting
it; establish even more robust security for certain
classes of especially sensitive information, like credit-card
numbers; and require prompt notification when someone’s
personal information has been jeopardized.

Bono Mack, seconded by members on both sides of the
aisle, said the government needed to take decisive action
on a uniform standard.

She said companies have a responsibility to protect
personal information, but that lawmakers need
to make sure that is going to happen.

Ranking subcommittee member G.K. Butterfield (DN.
C.) said he was ready to work with Bono Mack on a
strong, bipartisan bill. Businesses
must do everything they can to protect
the shopping, bill-paying, entertainment,
and communications that
are all being done online and the information
that is being shared, he

Butterfield pointed to the 46
state laws on breach notification,
but said there needed to be a federal
standard, without which he
said consumers would continue to
be exposed.

He pointed out that former subcommittee
chairman Bobby Rush
(D-Ill.) had proposed a data security
bill that passed the House and stalled
in the Senate. He said that would be
a good foundation for a new effort to
give online consumers peace of mind
and help boost e-commerce by making
people more comfortable with
such transactions.

Sony Network Entertainment International
president Tim Schaaff,
who was a witness at the hearing, said
that it was easy to focus on lapses at
Sony, but everyone was building networks
out of the same basic ingredients
and there could be weaknesses
at vendors they were building their products from.

He said that without some data security assistance from
government, the internet economy was going to be in a
“world of hurt,” and that Sony strongly supported a federal
standard and would be glad to work with Congress
on developing it. He quantified Sony’s particular world of
hurt with the recent data breach, estimating the cost to
Sony at $170 million.