In This Issue

• Executive Director’s Message
• CSIA Board Members Take Cyber Security Message to Congress
• CSIA Letter to Congress On Data Protection
• Global Perspectives
• CSIA Member Spotlight
• About Vontu
  
• Consumer Data Protection: Why We Need a National Standard
  
• Congressional Spotlight
• Congresswoman Mary Bono (R-CA)
  
• Are you Aware of Spyware?
• Legislative Update
• CSIA in the News
• Upcoming Events
• Member List
• Contact Us
• Archives
• CSIA Home Page

CSIA Member Spotlight

About Vontu

Name:  Vontu

President & CEO: Joseph Ansanelli, Chairman and CEO

Headquarters: San Francisco, CA

Ownership: Privately held

About Vontu:  Vontu is the leading provider of Data Loss Prevention solutions for both data at rest and data in motion. Vontu allows organizations to discover and protect exposed confidential information, monitor all network traffic, block select email, FTP and web communications, and automatically enforce data loss prevention policies. By reducing the frequency and severity of both inadvertent and malicious data loss incidents, Vontu helps organizations ensure public confidence, reduce compliance risk and protect competitive advantage.

Vontu customers include Fortune 500 companies in financial services, insurance, high technology, retail, telecommunications, manufacturing, media, and healthcare, as well as local and state government agencies.

Vontu has received numerous awards, including the SC Magazine 2006 U.S. Excellence Award for Best Enterprise Security Solution and IDG’s InfoWorld 2006 Technology of the Year Award for Best Insider Threat Defense application. For more information, please visit www.vontu.com.

 

Consumer Data Protection: Why We Need a National Standard

By Joseph Ansanelli, Chairman and CEO, Vontu, Inc.

Join Joseph Ansanelli and Paul Kurtz for "Federal and State Legislation Update" a Webcast discussion on: Identity theft Data protection Legislative efforts at the state and federal level 1:00 PM EDT on April 25 Register

All of us in the security software industry are keenly aware that identity theft has become a huge issue for the American public. We’ve all heard the numbers: last year, there were over 100 data breaches resulting in more than 53 million individuals being exposed to potential identity theft. Under increasing pressure from consumer organizations, many state legislatures have passed data breach notification bills, and the U.S. Congress is now crafting legislation designed to establish a national consumer data protection law.

As House and Senate committees draft legislation to address the problem, critics of the bills, including some consumer groups, have gone on record opposing federal standards on the grounds that they will pre-empt existing state laws with weaker regulations that do less to protect consumers. In fact, the opposite is true. There are good indications from Congress that the national consumer data protection law will not only make it easier for businesses to demonstrate compliance, but also better protect consumers. Here’s why:

With only a few exceptions, the state laws mandate data breach notification, and nothing more. They do not require that companies take proactive steps to prevent data breaches, such as enforcing data protection policies or monitoring confidential data. They only go into effect after a breach has occurred… when it is already too late to protect the data.

By contrast, several of the bills proposed in Congress go further and would require companies to take proactive steps to protect consumer data and prevent it from getting out. Under House of Representatives Bill 4127, for example, companies would be required to establish a security policy with respect to personal information, name a chief security officer, perform regular monitoring for system breaches, take preventative action to address vulnerabilities and securely dispose of obsolete confidential data. That’s a lot more than most states now require.

Even in terms of notification, the current patchwork of 23 state laws makes things confusing and unpredictable for consumers as well as business. If you live in one of the 27 states that does not have a notification law, you may never hear that your data has been lost. If your state does have a law on the books, you may or may not be notified, depending on the specific law. The lack of consistent practices can only lead to confusion, and confusion is the enemy of consumer protection.

HR 4127 was unanimously approved by the House Energy and Commerce Committee last month in a 41-0 vote. This is a very positive sign that strong legislation can and will gain bipartisan support. Along with other bills currently under discussion in both the House and Senate, we now have the prospect of a strong consumer data protection law that will set a national standard for business and do a better job of protecting consumers.