For immediate release:
Jan. 29, 2008
State Rep. Pierce's data security enhancement initiative gets House OK
INDIANAPOLIS —— The Indiana House today passed House Bill 1197, legislation introduced by State Rep. Matt Pierce (D-Bloomington) to better protect personal information in computer databases and online.
The bill requires personal information to be protected by encryption rather than simple passwords. It would also require data breach incidents to be reported to the Indiana Attorney General's office for posting on its Web site.
"My goal is to push entities entrusted with our personal information to protect it with the best industry standards," Pierce said. "Making information about security breach incidents available on the Internet will bring public pressure on companies and government agencies that have repeated security breaches. The threat of bad publicity is often a powerful motivator."
The bill promotes the best-used practices in the industry without mandating a particular technology that could become outmoded. Companies and government agencies would be expected to keep pace with techniques commonly used by the industry to protect personal information.
A security breach occurs when unauthorized parties gain access to a consumer's personal information. The Attorney General's Web site would serve as a centralized location to track how many breaches are occurring and which companies are suffering security failures. There is currently no central location to track security breaches.
Pierce filed the legislation after being contacted by Indiana University graduate student Chris Soghoian, who suggested changes to strengthen Indiana's data breach laws. Soghoian is earning a doctorate in information security.
"I hope that making the information more available to the general public would help create a market demand for better security and force companies to be more accountable," Pierce concluded.
The bill is now pending before the Indiana Senate.
— 30 —