Smith: The carrot-and-stick approach

Federal agencies should reward companies that ensure the privacy of consumer data

As recently evidenced by the Federal Trade Commission’s record-setting fine against ChoicePoint, the federal government is getting serious about holding businesses responsible for the protection of consumer information. In addition to the actions taken by FTC and other governing bodies, several members of Congress have introduced bills designed to protect consumers from identity theft and other types of fraud. Several of those bills seek to restrict or regulate the use of personally identifiable information such as credit card numbers, customer records and Social Security numbers.

One bill in particular — the Personal Data Privacy and Security Act — has support from Republican and Democratic senators and may soon come to a vote on the Senate floor. Sometimes referred to as the Specter-Leahy bill, the act focuses on data brokers and other organizations that own, use or license personally identifiable information. It would impose new standards for data security and heavy penalties for noncompliance.

First, the stick. The Specter-Leahy bill would require all affected organizations to implement a personal data privacy and security program designed to ensure the privacy, security and confidentiality of personal electronic records. The bill would take a cue from a California bellwether law by requiring organizations to contact authorities and affected individuals in the event of a security breach involving sensitive personal information.

If passed, the bill would have a profound effect on how government agencies award contracts to data brokers and other information service providers. The General Services Administration and all federal agencies would have to audit the security practices of data brokers before awarding them large contracts. Furthermore, the bill states that penalties for noncompliance must be written into contracts to ensure ongoing compliance after they have been awarded. Sponsors of the Specter-Leahy bill point to the ChoicePoint debacle as a prime example of why such rules are necessary.

“The ChoicePoint breach highlights a dangerous vulnerability in the information economy — the inadequate screening of the customers who are buying personal information,” said Sen. Patrick Leahy (D-Vt.).

However, some critics point out that the bill would pre-empt state notification laws such as California SB-1386 — the Database Security Breach Notification Act — and that it would not apply to organizations already covered by existing regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA).

But here’s the catch. If the Specter-Leahy bill passes into law, data brokers and other consumer information traffickers must implement higher standards of security if they want to win large contracts with federal agencies. That would be true even if they are GLBA- or HIPAA-regulated organizations that would not otherwise be subject to the rules proposed in the Specter-Leahy bill.

Now, the carrot. Regardless of its passage, the Specter-Leahy bill highlights the fact that federal agencies depend on information provided by data brokers to practice smart government and fulfill technology-driven initiatives such as the President’s Management Agenda.

By awarding large contracts only to companies that maintain effective privacy and security programs for personal data, the government can offer a clear incentive for industry to protect sensitive consumer information.

Smith is marketing vice president at GuardianEdge Technologies, which sells encryption technology for mobile devices.
