Telecommunication industry giants AT&T, Microsoft and Verizon are lobbying hard to kill a data-breach notification bill in the Indiana statehouse, according to Chris Soghoian at CNET.com’s Surveillance State blog. Many state legislatures are passing security breach notification laws as a response to the increasing number of governmental and corporate databases divulging personal identification information either by mistake or by criminal enterprise. The Indiana bill would set the state attorney general as the single point of contact for data breaches, who would then post a report on the breach on a Web site, setting a single place for citizens to go to find out about data breaches.
Soghoian reports that at a state Senate Committee meeting earlier this week, 10 lobbyists, most from the telecommunications industry, criticized the bill as setting up a system that would be vulnerable to online fraudsters. The bill’s sponsors were the only people speaking in favor of the legislation. He said he expects the lobbyists will succeed at killing the Web site notification requirement in the bill. If money talks, and we know it does, then he is almost assuredly correct. By searching National Institute on Money in State Politics‘ database Followthemoney.org, you will see that during the last election cycle AT&T made over $172,000 in contributions to Indiana state office holders or candidates running for state office. Verizon made over $48,000 in contributions, while Microsoft gave $2,000. No matter the merits of the bill, the moneyed lobbyists have little fear of their voices not being heard load and clear.
By the way, on the substance of this legislation, Soghoian writes that the state of New Hampshire already posts copies online of all breaches reported to its Department of Justice, with no evidence of fraud being committed. And he lists two other Web sites, the Privacy Rights Clearinghouse and Attrition.org that post data breach reports online, with no instances of fraud to report.