Data Breach Bureaucracy and Over Zealous Regulators Destroying Small Businesses

The amount of over regulation forced on the small businesses in the United States is a little unnerving at times. And I would submit to you that all too often we punish the small businesses rather than the culprits. A good case in point would be the new cyber security and cyber crime laws which are going to be put forth. These new laws will require small businesses to spend lots of money on information technology hardware, or move their data to the cloud.

Indeed, I suspect that the large companies which offer cloud computing data center storage are lobbying the U.S. Congress to make these laws. The reality however is that the hackers are the criminals, and rather than acknowledging that, the government wants the small businesses to be fully liable upon any data breach. Small businesses obviously cannot afford to compete with the larger businesses to secure this data from all the world’s best hackers.

Worse, many of the holes in the software which are being exploited by hackers are there for a reason: because government intelligence agencies request that the software makers leave backdoors so they can get in. Of course, the hackers and the intelligence industrial complex often have very close ties, and it doesn’t take long for the cat to get out of the bag, and everyone – good guy and bad guy alike – knows how to exploit these systems.

Still, even though all of that is true, more and more laws are being made against the small business whose data becomes breached. If small businesses cannot collect the data, they cannot use the data to do transactions online, thus, they cannot compete with the larger companies. Not long ago, the Internet was considered the great equalizer allowing small businesses and large businesses to compete on an even level playing field. Unfortunately for the small entrepreneur that level playing field has been tipped on its side once again.

According to a US House of Representatives Report: “Recommendations of the House Republican Cyber-security Task Force” published after the June 24, 2011 committee meeting on boosting cyber-security in the US, it was stated that:

“Data Breach – For many companies, the normal operation of business requires the collection and use of sensitive personally identifiable information. When this information is stolen, individuals are exposed to theft and identity loss. This threat is even greater when individuals are unaware their information has been compromised. Nearly every state has implemented its own data breach law that, at times, can make it difficult for businesses to be in compliance. Congress should address data breach notification legislation that simplifies compliance for businesses and protects the sensitive personally identifiable information of individuals.”

What I find even more amazing is that online social networks are collecting personal and private information, and allowing advertisers to share that information, while small businesses in the future will not even be allowed to collect it. Further, many people think that the cloud is safe, but if someone breaks into a small company’s computer, or gets a hold of their security keys or codes, then they will still be able to gain access to the information stored in the cloud. The cloud computing companies do not guarantee that their systems are totally safe, and they leave the responsibility to the users, even if the users think that the cloud is protecting them.

It seems there is just too much politics, lobbying, and big business involved in these new cyber security rules. It also appears that the government, and FBI, and other agencies should be going at these cyber criminals full-tilt rather than making the smaller companies look like the bad guy. If someone breaks into your office, and shoots a customer, is it really the business’ fault? What’s the real difference between someone breaking into a company and shooting a customer, or breaking into a company’s computer and stealing the data? In reality it’s the same problem; the consequences are just to a lesser degree, and it’s still a crime. Common law should prevail, not be uprooted here in the information age.

We just have too many laws already, and we don’t need any more. In fact, if we want to play the blame game, we can look all the way back to the intelligence agencies that purposely made sure that the software companies left back doors so they could get in. Therefore, any security breach in software is really the government’s fault. That might be a heavy statement for many people, but I ask that you please consider this, and think about the over regulation which is destroying our economy, and preventing America from getting back to work.