IT Public Policy Blog

Connecticut Protects Kids Online

Stephanie Reich: Monday, May 5th, 2008 | 10:00 am

Last month, I had the privilege of working with the Office of the Lt. Governor for the State of Connecticut in coordinating an extremely successful Connected and Protected Kids Assembly for 150 3-5th graders at Kendall Elementary School in Norwalk, Connecticut. Assemblies like this one in Norwalk, allow the Symantec Public Affairs team to give back to the communities with which Symantec works. Symantec’s own Internet Safety Advocate Marian Merritt and Faux Paw the Cat participated in the assembly along with Lt. Governor Michael Fedele, Norwalk Mayor Moccia, State Representative Larry Cafero, and State Senator Bob Duff. At the Assembly, Lieutenant Governor Fedele was honored by IKeepSafe for his efforts in addressing Internet safety and awareness for children. His commitment to keeping Connecticut children safe online has also been demonstrated by uploading some of Symantec’s tool-kits to his very own website! Also during the assembly, Symantec’s Corporate Philanthropy program also awarded a $5000 grant to the Norwalk PTA in order to implement an online safety curriculum in Norwalk Public Schools.

Watching the Lt. Governor sit on the floor and read Faux Paw The Techno Cat: Adventures in the Internet has been one of my most rewarding experiences working at Symantec. The Lt. Governor made the experience for the students all the more fun and exciting. His voices and animation should be nominated for an Academy Award!

Faux Paw's adventures help students learn how to be safe online. Faux Paw’s adventures take her from the Lieutenant Governor's Office where she lives to an Internet site where she thought she was chatting with a friend--Happy Fluffy Kittyface. Well this "friend" asked Faux Paw to meet on the Capitol grounds and when she did, it turned out that Happy Fluffy Kittyface…… well, I don’t want to ruin it!

In the meantime, I invite you to check out http://www.symantec.com/norton/familyresources/index.jsp to learn how to keep kids safe online. You can also find out what happens to Faux Paw!

Last week I attended and spoke at the RSA Security Conference in San Francisco. This event is the premiere industry event on information security. A number of people from Symantec spoke at the week-long conference including our CEO John Thompson. The government relations team was well represented by myself, Ilias Chantzos, our director of government affairs for Europe, the Middle East and Africa, and Tiffany Jones, our director of government affairs for North and Latin America.

The hot public policy topic was data breach disclosure legislation. As identity theft continues to rise, the threat of personal information compromised or exposed to bad actors remains high. 40 US states have already passed some form of a data breach disclosure law. The federal government is currently mired in a jurisdictional battle to enact data security legislation and the fast approaching election season is dimming the prospects of something being enacted into law. At the same time, there is a sparked interest in data breach legislation in Europe and also in Australia. In fact, although this is a new issue in Europe, we may see a regulation in place sooner than in the US.

The big question is what would a data security bill look like? I would argue that any data security bill should abide by three basic principals.

1. It should apply across the board to the private and public sector alike.
2. Implementing pre-breach security measures should be a central component. A 2007 Poneman institute study indicated that the top two technologies purchased after a data breach were data leakage protection and encryption. Shouldn’t we be encouraging people to secure the data before hand so that it does not get exposed?
3. Usability of the data should be a key element in setting the notification threshold. If you use encryption or other technology that makes the data unusable there should be a safe harbor so that you do not have to notify. If there is no risk to the customer that the data can be compromised, we should not be creating unnecessary fear.

Enacting data breach legislation can go a long way towards protecting the personal information of customers and citizens. This is important legislation and should remain a priority for Congress to pass this year.

Another observation from RSA is that the federal government and in particular the Department of Homeland Security was out in full force. Secretary Michael Chertoff, secretary of Homeland Security delivered a keynote address, and a number of other officials including Greg Garcia, the assistant secretary for Cybersecurity and Communication, participated in a number of industry meetings and events. I think the bottom line here is that DHS recognizes protecting the national critical infrastructure is not just about physical security, but that protecting the cyber infrastructure which in many cases runs the physical infrastructure is just as important.