Cybersecurity, Data, Industry

Promoting Good Data Security Practices to Reduce the Risk of Data Breaches

Today, I testified about data security breaches before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. Prompted by a rash of high-profile data breaches, the hearing examined ways to reform current federal and state data security regulations to help close gaps and reduce vulnerabilities. The hearing was also an opportunity to discuss what makes data so important, and steps that can be taken to promote better data stewardship.

Economic growth and job creation are rooted in digital data. The use of data has made businesses more agile, responsive, and competitive, boosting the underlying productivity of companies in every industry.

The public’s embrace of these data-enabled technologies cannot be taken for granted. If customers don’t trust that their data will be kept secure, they will not use the technology. Software companies, including BSA members, have taken important steps to protect privacy and security.

Nevertheless, data breaches continue to steal headlines far too regularly. The frequency of these incidents can be explained, at least in part, by the increasingly sophisticated nature of the threat actors that perpetrate criminal breaches.  But experts also indicate that more than 90 percent of breaches could be preventable with basic cyber hygiene. So, consumers are right to ask whether companies are doing enough to protect their data.

Certainly, BSA members offer products and services that can help other enterprises meet the data security challenge. Just as a bank can better protect the individual financial assets of its patrons, BSA members provide cloud services that afford a level of protection for their customers’ digital assets that exceeds what most companies can efficiently provide on their own. However, security is a process, not an end-state, and managing the integrity of data once it is in the cloud remains a shared responsibility. Even a secure cloud computing environment can be breached if basic cyber hygiene isn’t used. Organizations that collect sensitive data need to manage the risks associated with that data throughout its lifecycle.

That’s where Congress can play a role.

In my testimony, I urged Congress to establish a uniform and effective federal standard for data security and data breach notification. Such legislation should accomplish three goals. Most importantly, it should minimize the risk of data breaches by requiring companies to implement reasonable data security practices. Second, it should mitigate the impact of breaches when they do occur by ensuring customers receive timely and meaningful notifications. Finally, it should reduce the complexity of compliance for companies currently grappling with 48 different state notification requirements.

BSA and our members are committed to being part of the solution to data security and we look forward to working with Congress to achieve that.

Thank you to Chairman Blaine Luetkemeyer, Ranking Member Lacy Clay, and the Members of the Subcommittee for inviting me to be part of the discussion. You can read my full testimony here and watch a recording of the hearing here.

Data, Industry, Intellectual Property

Software Policy Priorities Look to the Future

The start of the new year gives us all a valuable opportunity to think ahead, and that includes Congress.  What can be accomplished?  What impact can be made now to have a lasting impact for years to come?  As every sector of the economy, and businesses of all sizes, increasingly use software in nearly everything … Read More >>

Data, Industry

The Reasons Why Michigan and Indiana Win With Software

In late September, Software.org: the BSA Foundation released a study that quantified the economic impact of software throughout the United States. The report tracked state-by-state changes in growth, jobs, and GDP. The good news is that the study finds software is helping grow the economy of every single state, but the surging numbers in some … Read More >>

Data

Blockchain: Understanding a Software Technology That Will Advance New Solutions

The term “blockchain” – like cloud computing and IoT before it – keeps cropping up in new and different settings, yet few people still truly understand its operations or allure. Blockchain, most often linked to the digital currencies Bitcoin and Ethereum, serves as the foundation for many less publicized, but no less potentially valuable applications. … Read More >>