ATLANTA, GA (December 4, 2018) – Patrick Gaul, Executive Director of the National Technology Security Coalition, released the following statement today:
“Watching the news of this most recent data breach acknowledgement unfold over the past several days, I am not surprised by the reactions from various industry experts and federal and state government stakeholders. Threats of harsher regulations, more punishment for companies, and jail time for executives are some of what we hear in sound bites every time a data breach occurs. For the NTSC community, this incident is yet another reminder of the need for federal legislation governing data breach notification.
“Why? Not all consumers are equally protected by state legislation that currently governs such incidents. Data breach notification legislation exists in all 50 states plus the District of Columbia, Puerto Rico, Guam. and the Virgin Islands. While some commonality exists among the various pieces of legislation, notable differences also arise, especially when it comes to consumer protections and rights.
“The NTSC endorses reasonableness in data collection, especially if that data is being collected without the consumer’s knowledge. But we also believe that creating security standards based on the size of a company and the type of data held is also critically important to ensure consumer data is protected.
“The NTSC supports federal legislation that gives businesses one place to file, ensures a security standard for consumer data based on company size and the type of data held, and supports appropriate civil penalties in cases of gross negligence. As I noted in an op-ed published in The Hill last year, it is time for Congress to pass national data breach notification legislation.”
About the National Technology Security Coalition (NTSC)
The National Technology Security Coalition (NTSC) is a non-profit, non-partisan organization that serves as the preeminent advocacy voice for Chief Information Security Officers (CISOs) across the nation. Through dialogue, education, and government relations, we unite both public and private sector stakeholders around policies that improve national cybersecurity standards and awareness.