Posted by Tom Foremski - October 20, 2005
Dave Black from Voce fills in the background:
Congress is now considering the Personal Data Security and Privacy Act, and 8 other pieces of legislation designed to impose privacy, notification, and handling parameters on the storage of personal data -- in part due to high-profile cases such as ChoicePoint and Mastercard. 30 other states are simultaneously considering similar legislation, and many of these laws actually contradict one another. If the federal government does not pass pre-emptive legislation, we'll soon have 50 slightly different state laws pertaining to data security -- expensive and painful for corporations.
Mr Hitz says he has been impressed by the legislators and their aides and with their understanding of the issues involved.
It is a complex subject because it requires creating best-practice policies on storing, safeguarding, and destroying mountains of data that are required to be kept for up to seven years as a result of Sarbanes-Oxley and other regulations.
Silicon Valley is increasingly realizing that it has to deal with Washington, D.C. and get involved in the conversation--otherwise bad laws will be passed. Joe Kraus, of Excite/JotSpot, has warned in SVW about how other industries can use the law to limit what types of innovation can be done.
Easing on SOX?
Mr Hitz also mentioned that "there is a growing realization that Sarbanes-Oxley is an expensive burden for many US companies and there is talk of possibly easing the burden on smaller companies."
That would be a good thing--it's a tax on innovation, imho. But it won't happen unless there is a visible champion--a captain of industry confident enough to take the heat and the scrutiny. Any takers? John? Andy? Eric?