Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Attempts at data breach reporting standard stall

Reprints

Cyber security is a favorite topic for members of Congress these days, say observers.

“There is no lack of cyber security bills,” said Michael Born, Kansas City, Missouri-based vice president and account executive of the global technology and privacy practice at Lockton Cos. L.L.C. “It seems like everybody has an idea” on how to approach the issue.

Observers point to several pieces of legislation as potentially significant. But experts say they have pretty much given up hope of a uniform federal data breach reporting standard.

“Nobody is trying currently trying to make a uniform data breach notification requirement,” said Mr. Born. There are 48 states with their own statutes, and some other federal regulations that require notification, but no uniform statute.

While there have been attempts to achieve one, “none of them has gotten very far,” he said. “It almost seems as though they’ve given up.”

“Whenever you try to get a uniform standard for the entire country, you run into roadblocks” and the question as to whether it pre-empts federal law, he said.

Furthermore, legislators now prefer to focus on cyber security, he said. “At this point they feel like they have bigger fish to fry.”

Meanwhile, observers say a concept being discussed in Washington, although there was not yet a formal bill as of mid-June, is enabling malware victims to turn the tables on their hackers and hacking them in turn.

The problem with such an approach, though, is the risk this could potentially affect innocent parties, such as in a case where an internet service provider that distributes malicious traffic is shut down, said Doug Johnson, senior vice president for payments and cyber security policy at the Washington based American Bankers Association.

“That’s just one example, but it kind of crystallizes what the debate will be around,” he said.

Read Next

  • Cyber security framework marches forward

    The cyber security executive order issued by President Donald Trump in May is targeted at government agencies, but it is expected to have a much wider influence, which will benefit both policyholders and insurers.