R. James Nicholson, the Veterans Affairs
secretary, said Thursday that: "I am outraged at the loss of
this veterans' data and the fact an employee would put it at
risk by taking it home in violation of VA policies." On May
3, the unnamed employee's home was broken into and the
database was stolen, Nicholson said. No encryption was used
to protect the data.
The bill, called the Data Accountability and Trust Act, or
DATA, (click here for PDF) establishes strict standards for
commercial companies to follow in the event of a data
breach--including notifying customers "as quickly as
possible," posting an alert on their Web sites and picking
up the cost of credit reports for one year.
Not one of those requirements would apply to federal
agencies.
Sonia Arrison, director of technology studies at the Pacific
Research Institute, said the situation should be
reversed--with the federal government subject to stiffer
rules.
"People don't have a choice about whether they're going to
give data to federal agencies--they just have to give it
up," Arrison said. "The law should be harder on the federal
government than on the companies. It should err on the side
of being harder on the Feds, because of the fact that you
don't have a choice."
The original DATA bill was part of a flurry of congressional
activity that emerged in the wake of several high-profile
data breaches last year, including an incident at
information broker ChoicePoint, which has since agreed to
pay record fines.
The Business Software Alliance praised the bill's approval,
saying it would "help fill cyberloopholes in the criminal
code, encourage early notification to law enforcement, and
provide the necessary tools to find and prosecute online
criminals."
David Sohn, staff counsel for the Center for Democracy and
Technology, said the bill might be reconciled with a second
proposal called the Cybersecurity Enhancement and Consumer
Data Protection Act, or CECDPA.
CECDPA also was approved by the House Judiciary Committee on
Thursday and would require anyone who possesses personally
identifiable information, such as a person's Social Security
number or date of birth, to notify the U.S. Secret Service
or the FBI of any "major security breach" before telling the
public. Refusing to comply would result in imprisonment or
escalating fines.
Targeting online gambling
In addition to the two data breach bills, the panel approved
Net neutrality rules and two bills related to Internet
gambling (H.R. 4777) and (H.R. 4411).
Congress has tried--albeit unsuccessfully--to expand
Internet gambling prohibitions before. Previous efforts
failed because gambling lobbyists including Jack Abramoff
managed to derail them, and because special interests won so
many exceptions that religious conservatives eventually
became disenchanted with the legislation. Meanwhile,
offshore betting has proliferated and has become a
million-dollar industry.
"During the time that has transpired (since the last time
around), the amount of money going to these illegal,
unregulated offshore enterprises has quadrupled to $12
million a year, with about $6 million coming out of the
United States," said Rep. Bob Goodlatte, a Virginia
Republican.
Goodlatte said updating the Federal Wire Wager Act was
necessary to make sure the law prohibits all forms of
Internet betting. "It does not adequately address modern
technology nor is it completely clear it covers all forms of
gambling," Goodlatte said. "This legislation makes it clear
it covers all forms of gambling and all forms of
technology."
Rep. Robert "Bobby" Scott, a Virginia Democrat, proposed an
amendment--which failed--that would have targeted individual
gamblers, not just businesses that run gambling operations.
"If we would prosecute the individual gamblers, a few sting
operations would get the word out that if you gamble over
the Internet, you'll be at the mercy of law enforcement,"
Scott said.
Much of the debate on the proposal, which lasted about 90
minutes, came from a clearly vexed Rep. Robert Wexler, a
Florida Democrat, who said Goodlatte's bill unfairly
permitted betting on horse races online while excluding
other related sports, such as dog racing. (Greyhound racing
is popular in Florida.)
"If you pass this bill with this rule construction in it,
you're saying horse tracks, go ahead and gamble away on the
Internet and you've got an extraordinary advantage over your
legal competitors," Wexler said with his voice raised.
Goodlatte replied that horse racing is treated differently
because of a separate federal law called the Interstate
Horseracing Act, on the books since 1978, which permits
off-track betting on horses under certain conditions. One
section of Goodlatte's bill says it "does not change which
activities related to horse racing may or may not be allowed
under federal law."
|