Small Business Information Security Act of 2008 introduced

Yesterday, leading Members of both the House and Senate Small Business Committees introduced the Small Business Information Security Act of 2008, S. 3102 and H.R. 6206. This legislation will go a long way toward addressing the technology security challenges of U.S. small businesses — America’s economic engine — which represent nearly 95% of all American businesses.

These bi-partisan bills, co-sponsored by Senators John Kerry (D-MA), and Olympia Snow (R-ME), and Representatives Michael Michaud (D-ME) and Donald Manzullo (R-IL), would establish a public-private task force to study small business information security needs. Composition of the task force will include representatives from the Small Business Administration and other key federal agencies, as well as industry experts, vendors of information technology (IT), IT security academics, small business trade associations, and state and local agencies involved in cyber security. The task force will carefully scrutinize the security issues facing small businesses, after which it will present a report to Congress on its findings and recommendations.

“How small businesses fundamentally tool and train for cyber security drives in large part how they properly deal with their customers and all security matters,” noted Roger Cochetti, Group Director of U.S. Public Policy for the Computing Technology Industry Association (CompTIA). He went on to explain that “the security of information managed by small businesses is essential to our national cyber security.”

“Small businesses depend heavily on the security of their proprietary information to stay competitive,” added Cochetti. “As we understand the task force, one of its primary functions will be to help small businesses know how to maintain proper security so that their data remains safe. In doing so, the resulting study will provide a comprehensive guidepost for small businesses, enabling the efficient and consumer-friendly use of information for legitimate business needs and away from cyber criminals and others who would do harm to our nation and our economy.”

Over the past two Congresses, CompTIA has actively engaged both the House and Senate Small Business Committees, urging their aid in helping small businesses better understand and confront the mounting challenges of information security. To this end, CompTIA has twice testified before the House Small Business Committee asking for, among other things, the creation of a task force with similar focus and makeup as is envisioned by the Small Business Information Security Act of 2008.