What are the pros and cons of a national breach notification law?
That is the topic of a discussion among Chief Information Security Officers that I will be moderating for the National Technology Security Coalition (NTSC) CISO Policy Roundtable tomorrow (4/3/17). My goal is to keep my own comments to a minimum, ask good questions, and let the CISOs share their real-world knowledge.
Comments are open, so please share your thoughts on this issue. Specifically:
- What are the questions that need to be asked to facilitate this discussion?
- What are the critical points that need to be made?
Here are a few resources that I found helpful in my research on this issue:
- State Data Breach Notification Laws: February 2017 Privacy Update
- Massive Yahoo break-in shows need for uniform national data breach law
- New Mexico Set to Be 48th State with Breach Notification Law
- Five States Introduce New Data Security Laws
- Data Breach 101, Part I: Data Breach Notification Laws
- Examining the President’s Proposed National Data Breach Notification Standard Against Existing Legislation
- Data Security and Breach Notification Legislation Gaining Traction in Congress
- The need for a national data breach notification law
- Here’s why the government wants a national data breach law
- Why this national data breach notification bill has privacy advocates worried
- Push on for National Breach Notice Law
- THE DATA SECURITY ACT OF 2015- WHAT DOES IT MEAN FOR BANKS AND MERCHANTS?
- SECURITY BREACH NOTIFICATION LAWS, National Conference of State Legislatures
A question I would bring up is on thoughts of enforcement of the law? How would whistleblower protection play out?
Great point, Will, thank you very much. The whistleblower protection aspect could be very impactful. Thank you for bringing it up.