Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
Lawmakers move on data theft-security bill
Saturday, April 15, 2006 | No comments posted.
PORTLAND (AP) - The theft of 365,000 patients' records from Providence Health System has prompted lawmakers to push new data protection laws in Oregon.
Oregon has no law requiring companies to report security breaches, unlike California, Washington and at least 23 other states. An Oregon security-breach bill went nowhere last year in the Legislature.
But momentum is building, with Providence joining consumer groups and state regulators Thursday in calling for protections from identity theft at a legislative hearing in Portland.
“We are the poster child in the state, maybe nationally, for data theft,” said Rick Cagen, Providence Health System's Portland-area chief executive. Cagen said the company wants to be seen as a leader among businesses responding to security breaches.
Three elements are emerging as likely components of security-breach legislation to be introduced next year:
€ Requiring businesses to quickly report the loss or theft of confidential information to consumers.
€ Setting enforceable standards for safeguarding personal information businesses collect, such as restricting the use and handling of Social Security numbers.
€ Giving consumers a security “freeze” option, enabling them to stop the release of their credit history and making it more difficult for identity thieves to create fraudulent credit cards and checking accounts.
During last year's legislative session, many industries opposed the credit freeze provision.
Auto dealers said delays in providing financing could hurt sales. Credit rating companies, which would be hampered in selling information, argued that consumers would be inconvenienced by delays in arranging credit and not necessarily protected from identity theft.
Jim Craven, who represents the American Electronics Association in Oregon said his trade group of technology companies would prefer a national standard but won't oppose an Oregon law. His companies increasingly depend on Internet commerce.
“We think for the good of e-commerce we need to address these issues,” Craven said.
Oregon has no law requiring companies to report security breaches, unlike California, Washington and at least 23 other states. An Oregon security-breach bill went nowhere last year in the Legislature.
But momentum is building, with Providence joining consumer groups and state regulators Thursday in calling for protections from identity theft at a legislative hearing in Portland.
“We are the poster child in the state, maybe nationally, for data theft,” said Rick Cagen, Providence Health System's Portland-area chief executive. Cagen said the company wants to be seen as a leader among businesses responding to security breaches.
Three elements are emerging as likely components of security-breach legislation to be introduced next year:
€ Requiring businesses to quickly report the loss or theft of confidential information to consumers.
€ Setting enforceable standards for safeguarding personal information businesses collect, such as restricting the use and handling of Social Security numbers.
€ Giving consumers a security “freeze” option, enabling them to stop the release of their credit history and making it more difficult for identity thieves to create fraudulent credit cards and checking accounts.
During last year's legislative session, many industries opposed the credit freeze provision.
Auto dealers said delays in providing financing could hurt sales. Credit rating companies, which would be hampered in selling information, argued that consumers would be inconvenienced by delays in arranging credit and not necessarily protected from identity theft.
Jim Craven, who represents the American Electronics Association in Oregon said his trade group of technology companies would prefer a national standard but won't oppose an Oregon law. His companies increasingly depend on Internet commerce.
“We think for the good of e-commerce we need to address these issues,” Craven said.
The comments below are from users of theworldlink.com and do not necessarily represent the views of The World or Lee Enterprises. Participation Guidelines
Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
Not already registered?
The World welcomes your comments about stories, and we encourage a robust dialogue on this site. All comments must meet reasonable standards of decency and civility.
Please follow these basic rules:
- No defamatory comments about individuals or businesses.
- No deliberately false information.
- No obscenity or racially offensive language.
- No harassment, verbal abuse, threats or personal attacks.
- No information that invades another person's privacy.
- No business solicitations or charitable solicitations.
Comments that violate these standards will not be posted. Users with repeated violations may be banned from future posting.Comments will be approved throughout the day during business hours. After hours and weekend comments may not appear until the following business day. It may take a couple of hours before comments are approved.
The World generally does not edit comments, but we reserve the right to edit any comment that does not meet our standards.
Close Guidelines