The following quotes are from a reported posted to the Atlanta Linux Enthusasts mailing list by Greg Freemyer. First some opinions (JV = John Villanes CH = Calvin Hill) 1) (JV) As it stands any third party that collects evidence for use in a criminal/civil suit is subject to the existing PI licensing law. The penalty is a misdemeaner and a relatively small fine. ie. a few hundred dollars I believe. They are starting to get complaints about Computer Forensic professionals not having there PI license.
Some more background on this would be useful. What is the basis of the complaints? And who is making them? 2) (CH) There is intense pressure on the legislature to regulate individuals with access to sensitive data.
From who? What is considered "access to sensitive data"? 3) (JV/CH) There is pressure to stop abuse of the GA PI law that allows PI companies to face minimal sanctions if they employ felons and allow them to carry guns. This is apparently the driver that caused HB 1259 to upgrade the offense of vialoting the PI license to be a felony.
They should handle this issue in a bill separate from any attempting to regulate the information security industry. This appears to have been the main driver, so handle it on its own. We don't need issues with felons carrying guns effecting the information security industry. These are issues that don't connect. 4) (JV/CH) HB 1259 will be back next near in some way shape or form.
See my above comment... 5) (JV) The PI Board has a written regulation (IIRC) that individuals covered by other GA licensing boards will not be covered by the PI board. (I'm not sure what this means if you are arrested. i.e You are still breaking the law, it is just a regulation that says that MDs/CPAs/Engineers/etc. are not required to have their PI license.)
This is one of the core problems that needs to be addressed. If you are a CPA, doctor, engineer, or information security expert, you should not be breaking the law in the process of practicing your craft in good faith. 6) (JV) My interpretation of what he said is that a IT consultant responding to a client issue that intentionally gathers evidence for potential use at a criminal/civil trial needs to be a PI today, and needs to be regulated in some manner in the future. His question was "Why not the PI board?" 7) (JV/CH) Employees of the violated company do not need to have a license. ie. If you are part of an inhouse IT security group you don't need a PI license, it is only if you are an outside consultant or work for a 3rd party (IT) security firm that you need a PI license.
Well, now a few reasons are being presenting as to why the PI board isn't th... [ Read More (0.2k in body) ] |