In May, the White House released a comprehensive proposal for a number of CyberSecurity measures. Unlike most of the other legislation proposed that focuses on Data Breaches or Do-Not Track. The White House proposal has 6 different sections that include changes to Homeland Security CyberSecurity as well as coordination of CyberSecurity between agencies.
- Data Breach Notifications
- Homeland Security CyberSecurity Authority and Information Sharing
- CyberSecurity Regulatory Framework for Covered Critical Infrastructure
- Coordination of Federal Information Security Policy
- Personnel Authorities Related to CyberSecurity Positions
- Preventing Restrictions on Data Center Locations
At 52 pages, the entire proposal is very dense, which makes me think this could be a sequel to Obama’s second book, the Audacity of Hope. The proposal, which I’ve nicknamed the Audacity of Hack, is interesting at points and surprising at others. I still think it is very “hopeful” to think that any of this legislation will passed this year, but hopefully there will be some progress. This will be a multi-part series looking at the proposal.
The first thing that strikes me is how different all the data breach proposals are. The White House may well be the most conservative of all the proposals.
The average max penalty for a data breach for the House of Representatives proposals is $3.8 million. The average max penalty for a data breach for the Senate is nearly double that at $7.2 million. The senate is also much higher for the daily average penalty at $12,333 versus $7,333 for the house.