In Depth

Consumer Protection

One former FTC member weighs in on the need for a national disclosure law and FTC penalties for companies that fail to protect consumer information

By Sarah D. Scalet

April 01, 2006CSO

Orson Swindle has emerged as one of the nation's most prominent and cogent advocates of the notion that industry self-regulation is the best way for American businesses to improve information security and privacy. A Republican appointee to the Federal Trade Commission by President Clinton in 1997, Swindle used his seven-year term to promote the creation of a "culture of security" in which the government, businesses and consumers work together to improve security. Swindle, 69, is now a distinguished fellow at the Progress & Freedom Foundation, where he directs a project that aims to improve security on the Internet by creating a set of voluntary regulations for private industry. Swindle is also chairman of Security Initiatives for the Center for Information Policy Leadership at the law firm Hunton & Williams. Swindle spoke with Senior Editor Sarah D. Scalet about the challenges of improving information security and privacy.

CSO: What's your perception of the state of information security today, and how close are we to creating this "culture of security" that you've envisioned?

Orson Swindle: The state of information security is a complex issue. We do have problems. I don't think the problems are nearly as bad as they are perceived, and part of that has to do with how the media covers things. This past year we've had probably in excess of 100 disclosed breaches, but the jump from disclosed breaches to grievous harm having occurred is a huge one. You'll hear "40 million credit cards compromised," but it's a much smaller number than thata very low numberwhere harm has actually occurred. Oftentimes a disclosure is an emotional thing. It causes people to overreact. But that is not to say we don't have a problem.

It's understandable that people would be upset when they hear about these huge disclosures of information that's really out of a private citizen's hands.

Absolutely. I think there is reason to be concerned. I think consumers need to be always diligent in how they handle their own information, and perhaps of greater significance, those who are in the business of handling the information have to wake up to the reality. The old paradigm was that when you talked about information security, it was taking care of your own stuff. The new paradigm is, if you're using information, you have to take care of it, no matter whose information it is.

How do we follow the path from when information is stolen, to the point maybe six or nine months from now when that breach results in identity theft or fraud on someone's account?

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Solving Online Credit Fraud Using Device Reputation

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Configuration Assessment: Choosing the Right Solution

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

Rolling the dice with your security? Take the Self-Assessment Test now

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage