Fwd: After Equifax breach, anger but no action in Congress

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Richard Forno <rforno () infowarrior org>
Date: Mon, Jan 1, 2018 at 10:26 AM
Subject: After Equifax breach, anger but no action in Congress
To: Infowarrior List <infowarrior () attrition org>, dataloss <
breachexchange () lists riskbasedsecurity com>
CC: Dave Farber <dave () farber net>


After Equifax breach, anger but no action in Congress

By MARTIN MATISHAK

The massive Equifax data breach, which compromised the identities of more
than 145 million Americans, prompted a telling response from Congress: It
did nothing.

Some industry leaders and lawmakers thought September’s revelation of the
massive intrusion — which took place months after the credit reporting
agency failed to act on a warning from the Homeland Security Department —
might be the long-envisioned incident that prompted Congress to finally fix
the country’s confusing and ineffectual data security laws.

Instead, the aftermath of the breach played out like a familiar script:
white-hot, bipartisan outrage, followed by hearings and a flurry of
proposals that went nowhere. As is often the case, Congress gradually
shifted to other priorities — this time the most sweeping tax code overhaul
in a generation, and another mad scramble to fund the federal government.

“It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top
Democrat on the House Energy and Commerce consumer protection subcommittee,
who introduced legislation in the wake of the Equifax incident.

“Every time another shoe falls, I think, ‘Ah, this is it. This will get us
galvanized and pull together and march in the same direction.’ Hasn’t
happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate
working group that has tinkered for years to come up with data breach
legislation.

Every time lawmakers punt on the issue, critics say, they are leaving
Americans more exposed to ruinous identity theft scams — and allowing
companies to evade responsibility. With no sign that mammoth data breaches
like the one at Equifax are abating, the situation is only growing more
dire, according to cyberspecialists.

In the meantime, companies and consumers are left to navigate 48 different
state-level standards that govern how companies must protect sensitive data
and respond to data breaches. Companies say the varying rules are costly
and time-consuming, while cyberspecialists and privacy hawks argue they do
little to keep Americans’ data safe.

But while industry groups, security experts, privacy advocates and
lawmakers of both parties agree that Congress must do something to unify
these laws, no one has been able to agree on what that “something” should
be.

< - >

https://www.politico.com/story/2018/01/01/equifax-data-breach-congress-action-319631



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180101104105:2A95229A-EF0A-11E7-89D0-BDAD1ED8534E
Powered by Listbox: http://www.listbox.com