Before I could catch them, these words spewed out of my mouth: “We need more government regulation of businesses.” I immediately stopped, appalled at what I had just said, and stood there in disbelief.
The fact is, due to a number of problems in organizations, IT security too often gets pushed to the back burner. Next week’s blog entry will deal with those reasons. Do we need more laws to force companies to be secure? For the responsible companies I work with, I say “No! Enough regulation already!” I know they are taking steps to be more secure. But for those companies that send the rest of us letters notifying us of breaches, I think we all would have been happy if some regulation had forced them to be more careful with private information. The PCI-DSS standard for companies that accept payment cards is still an industry regulation rather than a law, except in Nevada, where it has now been written into state law. Minnesota also has a law covering the core requirements of PCI-DSS.
I used to be totally against some government regulations, but as I see some organizations being careless with your private data, I wonder whether a little regulation might go a long way. Please respond with your comments on this blog.