Personal tools
You are here: Home Membership Bulletin May 5, 2011: ACM Public Policy Council Chair Testifies on Prevention of Data Theft
Document Actions

May 5, 2011: ACM Public Policy Council Chair Testifies on Prevention of Data Theft

Today's Topic: ACM Public Policy Council Chair Testifies on Prevention of Data Theft

Thursday, May 5, 2011


Eugene Spafford, chair of the U.S. public policy council of ACM (USACM), testified before a Congressional committee that the growing instances of disclosure and loss of personal information from computer databases points to inadequate privacy protection. Speaking to a U.S. House of Representatives Energy and Commerce subcommittee, Spafford described the technical aspects of consumer data disclosures that occur - from accidental to criminal behavior - and presented a range of recommendations to prevent breaches and protect citizens from this rising threat.

The May 4 hearing by a House subcommittee concerned the threat of data theft to American consumers. In his testimony, Spafford cited several recent high profile cases of reported security breaches including Sony and Epsilon. He noted that the mounting incidences of compromising personally identifiable information - in both the government and private sectors - often result from database system operators who continue to run outmoded, flawed software, fail to follow standard practices, and maintain insufficient training or support.

In addition to his recommendations for additional investments in cyber forensic technologies and support for fundamental and applied research in privacy and security technologies as well as a stronger cybersecurity workforce through education, Spafford urged organizations to follow the 24 privacy recommendations endorsed by USACM for use by database operators, which were attached to his written testimony.

A professor at Purdue University, Spafford is Executive Director of the Center for Education and Research in Information Assurance and Security (CERIAS).

Transcript of full testimony.

USACM Privacy Recommendations.