Data security must be job one for lawmakers

info@islandpacket.comMay 30, 2013 

Of all the legislative priorities listed at the start of this session, the one lawmakers should not allow to slide into next year is securing South Carolina taxpayers' private information.

Taking steps across all state agencies to better protect that information from identity theft must be accomplished. The state owes it to us after last year's hacking debacle at the state Department of Revenue.

The unencrypted Social Security and bank account numbers of 6.4 million residents and businesses were stolen, creating potentially decades of problems for people who only did what the state required of them.

That doesn't have to mean creating a new Cabinet-level agency for cybersecurity.

On Tuesday, the House Ways and Means Committee voted unanimously to postpone further debate on the measure. Lawmakers said they didn't want to rush a bill that creates a new agency and commits the state to spending milions of dollars for years to come.

But that's no excuse for doing nothing. And lawmakers should be held to their statements that the "nuts and bolts" of the bill could be incorporated into the budget if the stand-alone bill is not revived before the session ends in two weeks.

The House bill would set up a new agency to set technology standards for state agencies and make sure mandates were carried out. It also would extend credit monitoring for taxpayers for five years.

The House allocated $25 million in its budget plan to fix the system and pay for additional credit monitoring beyond the year provided by Experian under a $12 million contract. The Senate budget puts about $20 million toward the effort.

Consultants with Deloitte & Touche estimated that its recommendations for a statewide cyber-security system would cost $15 million to set up and $7.3 million a year to operate, The (Columbia) State newspaper reports.

The Senate passed a bill in March that sets up a department of information security under the governor, an identity-theft unit at the state Department of Consumer Affairs and two committees to recommend statwide technology and cyber-security policies.

It also offers 10 years of credit fraud protection and would allow taxpayers to purchase their own identify-theft protection and get a tax credit of $300 for individual filers and $1,000 for joint filers.

Significant differences exist between the House and Senate bills on this subject, so it's disappointing that we're this far along in the session with no House bill and no conference committee to iron out those differences.

If something can be accomplished using the budget as a vehicle, lawmakers should make it happen. At a minimum, they should be sure that the state pays for credit monitoring services well beyond one year.

And they should be sure there is money in the budget to pay for improved technology and security across all state agencies, with or without a new department. We're confident a lot could be done within the existing government structure.

No doubt we'll be disappointed on other legislative priorities, but data security should not be one of them.

The Island Packet is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service