30 Jun 2011

Senate debates internet security legislation

On June 29, the Senate Commerce Committee debated bills related to internet security.

West Virginia Democrat John Rockefeller, the committee chairman, introduced two pieces of legislation, both addressing consumer rights. One bill proposed timeline requirements for corporations to tell customers about computer security breaches, and the other proposed a streamlined way to opt-out of companies' automatic online customer tracking.

President of Sony Network Entertainment International, Tim Schaaf, testified that companies should be given some leeway about when they inform customers about security intrustions, so investigations can be conducted and customers can be given helpful, detailed information. Sony's PlayStation network was hacked earlier this year.

A spokesman for Hewlett-Packard told the committee his company supports Rockefeller's do-not-track legislation, which other companies have spoken out against the in the media, saying it will hinder innovation related to personalizing the company-consumer relationship.

The committee also debated the Commercial Privacy Bill of Rights Act. Among several provisions, the bill would require companies to explicitly attain permission before collecting customer financial or health records.

This hearing occurred one day after the Federal Financial Institutions Examination Council released a supplement updating its recommendations regarding banks' internet security protocols. Last May, Citigroup discovered it had been hacked, but waited about a month before informing customers.