Post Tech
Posted at 09:43 AM ET, 06/03/2011

Sony, Epsilon support national data breach bill

Executives from Sony and Epsilon, speaking Thursday before a House Commerce, Manufacturing and Trade subcommittee, endorsed the idea of a federal law regulating data breaches.

In an opening statement, Rep. Mary Bono Mack (R-Calif.), who chairs the subcommittee, said that while she did not entirely approve of the way the companies had handled data breaches affecting their networks, she wanted to move forward and outline the best way to protect online consumers.

Jeanette Fitzgerald, the general counsel for Epsilon, endorsed national legislation and said that the patchwork of state laws regulating data breaches made it difficult for companies to respond to attacks. Epsilon, a marketing company, was hit with a cyberattack in late March that leaked the e-mail addresses and names of millions of consumers.

A single law, she said, “would make it much easier and less costly for business to ensure any applicable notification requirements are met.”

Sony’s Tim Schaaf, president of Sony Network Entertainment International, said the company supports standard legislation that would require companies to provide timely, accurate information on breaches and provide customers with resources to combat the effects of an attack.

Schaaf was also called upon to defend some of Sony’s practices following its network intrusion.

Bono Mack repeated her criticism of the way Sony informed its users of a breach that revealed the personal and financial information of 77 million customers — through its blog.

“Sony put the burden on consumers to search for information instead of providing it to them directly,” she said, adding that such a practice is unacceptable.

Schaaf said that the company’s blog is very popular and a useful way for the company to communicate with its customers quickly and efficiently. He added that Sony later e-mailed customers affected by the attack.

He also defended Sony’s decision to delay informing customers of the breach until the company fully understood the implications of the attack. The company’s servers were breached on April 19 and Sony first notified customers that sensitive data was taken on the 26th.

Bono Mack said she will introduce legislation that will require companies to establish and maintain security policies, give special protection to sensitive information such as credit cards and promptly notify consumers when data has been breached.

“We need a uniform national standard for data security and data breach notification, and we need it now,” Bono Mack said.


Tags:  Security


    © 2011 The Washington Post Company