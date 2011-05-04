Data security got a lot of face time on Capitol Hill

Wednesday, as two separate hearings focused, and touched on, respectively,

issues from Sony's online data breaches to the location-based data issues

involving Google and Apple.

The Attorney General said that Sony was under active

investigation for data breaches, while the FTC signaled that geolocation

is the kind of sensitive information that deserves heightened government

scrutiny and protection.

The House Energy & Commerce Committee bored down into

the issue with a panel of witnesses that included the Federal Trade Commission's

point person, David Vladeck, director of the Bureau of Consumer Protection.

On the issue of Apple's storing of geolocation

information for up to a year, Vladeck was asked by Rep. Bill Cassidy (R-La.)

whether the agency supported a "thou shalt not" approach of

legislation barring the saving of such data beyond a certain time period, he

said the FTC had not taken a position on that specific issue. But he did say he

supported making the use and storage of that data an automatic trigger for

notification of consumers about what was happening with it.

Apple and Google have both taken heat for their handling

of Geolocation info, Google for what it says was inadvertent collection of

data as part of its online mapping efforts, Apple for storing geolocation

info, unencrypted, for up to a year (it says that was a glitch) and backing up

that info on unsecured computers when iPhones were syncedAtt.

Vladeck pointed out that the FTC in a December report

recommended that geolocation data be considered the kind of personal information

that gets heightened protection. He also said that one of the questions it raised

in its ongoing review of child online protection laws is how to

treat geolocation info.

Cassidy asked what the argument was against limiting the

storage of geolocation information. Vladeck said that there were two

arguments--though he hastened to point out he was not advocating either. One

was that it enhanced the functions and the other was that it allowed them

to perfect the service. "I am rehearsing the arguments you will

hear," said Vladeck.

Justin Brookman, director of the Consumer Privacy Project at

the Center for Democracy and Technology, said he would be concerned by a

"thou shalt not" approach, saying there are reasonable uses for

retaining such data for longer periods of time, including a traffic

program that would remember his routes and give him the best info about them.

He and Vladeck were in agreement that there needed to

be clear consumer information, and not "buried in paragraph 40."

Vladeck said that the industry was not doing enough to

self-regulate in the area of data security, that Congress should pass

comprehensive data security legislation, that federal regs

should supersede state regs if the latter are not as strong, that

states attorneys general should be authorized to enforce federal data security

laws, that the FTC should have stronger rulemaking authority, and that it could

use more resources.

Those to the point answers were courtesy of the now iconic

"answer yes or no, please" line of questions from Rep. John Dingell

(D-Mich.), which all of the panelists honored to a degree unusual in such

proceedings.

Over on the Senate side, Attorney General Jeffrey Holder

said Justice was "actively engaged" in investigating Sony over two

recent data breaches.

Sony two weeks ago revealed that someone had hacked into

its PLaystation online gaming network and accessed millions of records.

Then this week it said that its SOny Online Entertainment gaming net had

been hacked, with millions more possible breaches, according to Ed Markey

(D-Mass.), co-chair of the bipartisan House privacy caucus.

"I am alarmed that twice within one week, sensitive consumer

information, especially that of children, has been exposed by hackers,"

said Markey. "Sony's tagline is ‘make.believe'. It also should be

‘make.secure.'

At the Senate hearing, Holder said Justice and the FBI were

taking those Sony breaches "very seriously," while one legislator

said he was not happy with the way Sony has handled the situation, including

the length of time it took to inform consumers and take corrective action.

The mobile data security issue will be getting more

attention. Senator Al Franken (D-Miss.), chair of a new Judiciary privacy

subcommittee, has scheduled a May 10 hearing on "Protecting Mobile

Privacy: Your Smart Phones, Tablets, Cell Phones and Your Privacy," while

the Senate Commerce Committee also plans to hold a hearing on that issue this

month.