Just another story that illustrates how stupid government thinks we are. Or, perhaps another story for us to illustrate how stupid government is. President Obama announced on January 12th new cyber reforms. He is calling on Congress to mandate that companies whose customer data is breached inform affected individuals within 30 days. But why don’t agencies that are hacked have to notify citizens when their data is compromised? Good question, it seems.
On a more humorous note, the silence on the government’s responsibility to protect its own data became awkward, as pro-ISIS hackers allegedly leaked personal information on U.S. military members around the same time Obama was speaking.
There currently is no U.S. requirement for notifying breach victims within a certain time period. A hodgepodge of state regulations gives companies varying guidance on contacting victims. Less than 30 percent of federal agencies recently surveyed notified affected individuals of high-risk breaches, the Government Accountability Office reported last year.
The Federal Agency Data Breach Notification Act, introduced by Rep. Gerry Connolly, D-Va., in the last Congress, would require, among other things, notifying individual victims within 72 hours after discovering evidence of a personal data breach.
According to Connolly, “he does not feel the administration is applying a double standard by omitting agencies from its legislative agenda.”
Need we say any more?