Secplicity - Security Simplified

Powered by WatchGuard Technologies

The “Privacy Bill of Rights” – A WatchGuard Perspective

April 12, 2011 By The Editor

“Whenever industry fails to self-regulate, government will fill the void with legislation.” You can quote me on that.

Currently, the security industry fights a war on many fronts. On one end of the spectrum, we have industry regulations, such as PCI DSS, which mandate how credit card/payment card information is secured. On the other end, we have government regulations, such as CIPA (Children’s Internet Protection Act) or HIPAA (Health Insurance Portability and Accountability Act), which regulate data protection for schools, libraries and health care providers.

Now, we face one of the largest government acts of its kind, the “Kerry Draft – Privacy Bill of Rights.” Although it is not law today, should it become law, businesses and consumers will see broad and sweeping changes to how consumer data is managed and protected.

Here are the key tenets of the Privacy Bill of Rights:

• Right to Security and Accountability
• Right to Notice and Individual Participation
• Right to Purpose Specification; Data Minimization; Constraints on Distribution; Data Integrity
• Voluntary Enforceable Codes of Conduct Safe Harbor Programs
• Co-Regulatory Safe Harbor Programs
• Application with other Federal Laws
• Development of Commerce Data Privacy Policy in the Department of Commerce

Obviously, this is a lot for businesses and consumers to digest. Here, I will break these points out in greater detail and provide in-depth analysis and commentary so that you can better understand the impact of this Act.

A year ago, Senators Kerry and McCain would have faced an uphill battle in pushing this legislation forward, but given the latest high-profile security fumbles (need I say Epsilon?), it follows that this Act may very well become the next big regulatory change for the industry. Stay tuned!


Filed Under: Uncategorized Tagged With: Privacy Bill of Rights, Regulation, Security Law

Comments

  1. Dan says

    April 12, 2011 at 1:14 pm

    Maybe your quote should also include “and there is abuse”

    “Whenever there is abuse and industry fails to self-regulate, government will fill the void with legislation.”

    Generally, governments tend to be reactionary and will not do anything without prodding by one group or another.

    • Chris McKie says

      April 12, 2011 at 2:33 pm

      Thanks for the comment. Certainly, when there is abuse, government moves faster. But as Epsilon has shown us, there doesn’t have to be abuse in order for the government to get involved. It will be interesting to see how this pans out.

  2. John M. Hoyt says

    April 13, 2011 at 10:21 am

    I’m copying your post and putting it on my blog and pointing back here…

    I’m sorry, but the “Privacy Bill of Rights” is not the step in the right direction I was hoping for…

    Thanks for your thoughts and I will look forward to updates.

    John

  3. Dan says

    April 13, 2011 at 2:19 pm

    In the case of Epsilon the abuse is being directly committed by the hackers but Epsilon is responsible for the release of the information which can also be looked at as abuse. Please remember that any entity collecting or aggregating information is ultimately responsible for its security.

    Also remember, that when we do risk analysis and mitigation we try to move risk off to someone else or take steps to reduce it internally. This practice is usually prioritized based upon costs. What the government is proposing will just ensure that protection of personally identifiable information (PII) will be ranked a bit higher.

    • Chris McKie says

      April 13, 2011 at 7:39 pm

      Thanks for the comment. You are absolutely right… the entity collecting or aggregating information is ultimately responsible for its security. Sadly, for some businesses, it does take a government mandate to act as a catalyst so that data is better protected. Should be interesting to see how this concludes.

  4. Alan Mercer says

    April 13, 2011 at 5:08 pm

    Chris, not to pick at you, but it appears your quote is a paraphrase of a statement in the Sept 18, 1997 prepared statement of the FTC regarding Implications of Emerging Electronic Payment Systems on Individual Privacy. That statement read “The question may ultimately be whether there is any alternative to government intervention if self-regulation does not fill the void.”

    Following up on your post, I also contacted one of the authors of the SANS course LEG523 “Legal Issues in Information Technology and Information Security”. My read on this legislation was that this bill was similar to the EU Data Directive. He confirmed that the bill as presented does bear earmarks of the European approach to security.

    If enacted in substantially the form presented, this presents a landmark change in the regulatory approach to information privacy in the U.S.

    • Chris McKie says

      April 13, 2011 at 7:44 pm

      Not a pick at all, in fact I’m flattered. I’ve never read the 1997 document that you are referring to, but obviously, I’d have to agree. 🙂 Oh, and you’re absolutely right about the EU legislation similarities. I’ve talked to our EMEA people, and they too reiterate the same points that you do. And yes, I couldn’t agree with you more, if this Act becomes law as presented, it will mark a landmark change for the industry. Thanks for the comments!

  5. At Home Vaginal Yeast Infection Cures says

    December 7, 2011 at 6:55 am

    I will immediately clutch your RSS as I cannot find your email subscription link or newsletter service. Do you have any? Please let me know so that I may subscribe. Thanks.

  6. top mistakes says

    December 11, 2011 at 8:16 am

    Your blog is pretty cool to me and your topics are very relevant. I was browsing around and came across something you might find interesting. I was guilty of 3 of them with my sites. “99% of site owners are guilty of these 5 BIG errors”. http://tinyurl.com/bn4kol9 You will be surprised how fast they are to fix.

  7. Chris says

    February 15, 2012 at 6:34 pm

    To top mistakes: while I did find your article of interest, I do not see how it pertains here.

  8. Girlfriend hates birthday present says

    March 12, 2013 at 7:15 pm

    Maybe you could write next articles referring to this article. I want to read even more things about it! Excellent post. I was checking this blog continuously and I am impressed! Very useful info, especially the last part.

  9. sistema factor quema grasa pdf says

    December 2, 2013 at 10:18 pm

    However, by early next morning, in most cases you will notice that your weight has considerably dropped compared to where it was the previous night. If your body fat is above 25% but below 30% (women) or above 20% but below 25% (men) then you are overweight; you are carrying more fat around than you need or than is healthy for you, and it probably means you are eating too much of the wrong foods. But let me explain the whole concept of this diet program.
