
Promoting Good Data Security Practices to Reduce the Risk of Data Breaches

Today, I testified about data security breaches before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. Prompted by a rash of high-profile data breaches, the hearing examined ways to reform current federal and state data security regulations to help close gaps and reduce vulnerabilities. The hearing was also an opportunity to discuss what makes data so important, and steps that can be taken to promote better data stewardship.

Economic growth and job creation are rooted in digital data. The use of data has made businesses more agile, responsive, and competitive, boosting the underlying productivity of companies in every industry.

The public’s embrace of these data-enabled technologies cannot be taken for granted. If customers don’t trust that their data will be kept secure, they will not use the technology. Software companies, including BSA members, have taken important steps to protect privacy and security.

Nevertheless, data breaches continue to steal headlines far too regularly. The frequency of these incidents can be explained, at least in part, by the increasingly sophisticated nature of the threat actors that perpetrate criminal breaches. But experts also indicate that more than 90 percent of breaches could be prevented with basic cyber hygiene. So, consumers are right to ask whether companies are doing enough to protect their data.

Certainly, BSA members offer products and services that can help other enterprises meet the data security challenge. Just as a bank can better protect the individual financial assets of its patrons, BSA members provide cloud services that afford a level of protection for their customers’ digital assets that exceeds what most companies can efficiently provide on their own. However, security is a process, not an end-state, and managing the integrity of data once it is in the cloud remains a shared responsibility. Even a secure cloud computing environment can be breached if basic cyber hygiene isn’t used. Organizations that collect sensitive data need to manage the risks associated with that data throughout its lifecycle.

That’s where Congress can play a role.

In my testimony, I urged Congress to establish a uniform and effective federal standard for data security and data breach notification. Such legislation should accomplish three goals. Most importantly, it should minimize the risk of data breaches by requiring companies to implement reasonable data security practices. Second, it should mitigate the impact of breaches when they do occur by ensuring customers receive timely and meaningful notifications. Finally, it should reduce the complexity of compliance for companies currently grappling with 48 different state notification requirements.

BSA and our members are committed to being part of the solution to data security, and we look forward to working with Congress to achieve that.

Thank you to Chairman Blaine Luetkemeyer, Ranking Member Lacy Clay, and the Members of the Subcommittee for inviting me to be part of the discussion. You can read my full testimony here and watch a recording of the hearing here.

Author:

Aaron Cooper serves as Senior Vice President, Global Policy. In this role, Cooper leads BSA’s global policy team and contributes to the advancement of BSA members’ policy priorities around the world that affect the development of emerging technologies, including data privacy, cybersecurity, AI regulation, data flows, and digital trade. He testifies before Congress and is a frequent speaker on data governance and other issues important to the software industry.

Cooper previously served as a Chief Counsel for Chairman Patrick Leahy on the US Senate Judiciary Committee, and as Legal Counsel to Senator Paul Sarbanes. Cooper came to BSA from Covington and Burling, where he was of counsel, providing strategic guidance and policy advice on a broad range of technology issues.

Cooper is a graduate of Princeton University and Vanderbilt Law School. He clerked for Judge Gerald Tjoflat on the US Court of Appeals for the Eleventh Circuit.
