
The problem with government mandated security

I was reading this CW article and it occurred to me that the US Government is doing it again.  It's forcing US companies into meeting some mandate that is supposed to protect US citizens.  The Gramm-Leach-Bliley Act of 1999 is a good example of legislation that has forced technological advance upon businesses, as is the whole Sarbanes-Oxley legislation.

Don't misunderstand, I think that there needs to be some type of control in place to help ensure that companies are doing what they should be doing.  The problem is, many times the legislation that's meant to be a guideline is less that and more a hurdle that has to be overcome.  And the thing about hurdles is that some companies will spend far more money figuring out how to get around them than in trying to go over them.

So, this new data security bill is supposed to "require all financial institutions, retailers and government agencies to maintain strong internal safety protections for the data they hold." Many organizations are already trying to do that.  For those that are not, or are not doing it well, this bill puts additional pressure on them to put the right security technologies in place.  However, if a company can't afford or doesn't have the technical people to support these technologies, then they will try to find a way around the legislation.  I'll bet they find it, too.

Legislation is good in theory.  In implementation, sometimes it's not.  But then, that's the case with most any kind of guidelines or rules.  And we certainly can't do away with them because there are a few companies that will exploit them to the ends of the Earth.  That said, I don't think there's any easy answer.  It's one of those challenges that companies just have to face.

What People Are Saying

Encryption is the SIMPLE

Encryption is the SIMPLE answer. Why does NO ONE see this??????????????????

The issue is that something

The issue is that something has to be done as a result of all of these data breaches. However, is the federal government the right one to do it? If the end result of their legislation is a watered-down by special interests bill that is weaker than many of the state laws now in effect, you wind up doing more harm than good. The other thing is what exactly does "strong internal safety protections" mean?

I understand where you are

I understand where you are coming from Jerri, but what I think is happening (all these data breaches, etc.) is that the current implementation requirements (i.e. MasterCard/VISA PCI, etc.) are not being done in the first place.

I have my own experiences, no less than a half dozen times that I am aware of, where the business is obviously not following the basics. For example, using my debit/credit card at a variety of businesses, you get two pieces of paper; one for you, one for them. Problem is, not only my name and signature, but ALL of my card's digits are printed out! I bring it to the attention of the server, one time to the manager, and the response is, 'well, that's what our merchant account gives us.'

Well, to keep this short, I explain the consequences but it doesn't seem to faze them. Moral of story... check any receipts you sign to see if your card numbers are being compromised!

Lando