One SEC Commissioner, Hester Peirce, voted for the new rule but expressed concerns that it would generate notification fatigue, which might result in people eventually ignoring all security notifications. “My greatest concern about the rule is that its breadth might undermine the value of the customer notifications by making them so commonplace that people ignore them. At some point, the notifications will stop having the intended effect. If covered institutions fear being second-guessed after making a reasonable judgment not to send a notice, they will err on the side of sending a notice, even when one may not be necessary?” Peirce asked in a statement. “How does your behavior change if you start getting a notice every few months? Or every month? Or every week? What if you get notifications from multiple entities related to the same breach?”
Peirce also said that the new rule might only worsen today’s two-tier breach disclosure rules, with different states mandating different rules than various federal agencies. “The industry still will deal with an array of different and sometimes conflicting state and federal requirements. Further consolidation and harmonization of these requirements is a worthy goal on which federal and state regulators should continue to work,” Peirce said.
Brian Levine, an attorney who is the Ernst & Young managing director for cybersecurity, appreciates Peirce’s position but strongly disagrees with her conclusion. “They must be reducing the underlying breaches and not worry about whether their customers are getting desensitized to them,” Levine told CSO. “Notification fatigue is a very real thing, but the solution is to have fewer breaches, not fewer notifications.”