BreachExchange mailing list archives
Re: Personal Info From PA. Welfare Rolls Stolen
From: "Brandt, Allen" <abrandt () gmac com>
Date: Fri, 7 Dec 2007 08:37:01 -0500
There are about 39 state laws currently in effect. Most require notification to the effected individuals, a few require notification to the state attorney general or other office, and a very few require notification to the credit bureaus. None require ID theft protection, or much of anything else beyond being notified. When a business or organization offers the service, it's done for customer service or PR reasons, not a legal requirement. The few court cases on the subject have thrown out those where the people could not show actual damages or loss from the breach, and tried being the action because they were concerned about a future ID theft, so it appears that the trend may be to compensate victims only where they can show an actual loss. And this being from a state agency, that becomes even tougher. ________________________________ From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Rodney Sent: Thursday, December 06, 2007 8:21 PM To: dataloss () attrition org Subject: Re: [Dataloss] Personal Info From PA. Welfare Rolls Stolen On Thu, 2007-12-06 at 18:50 -0600, Henry Brown wrote: The Department of Public Welfare began mailing letters Wednesday warning the recipients to take steps to protect themselves from identity theft, agency spokeswoman Anne Bale said. This strikes me as odd and I have a couple of questions for the group. 1. If your data is lost and there is a clear "at fault" party as seems to be the case here (the data was unencrypted) they isn't the "at fault party supposed to provide ID theft protection? Is that a law or just something done to reduce damages should they ever be sued over release of personally identifiable information without informed consent? 2. If it is welfare rolls, then these people can't afford to do this on their own, so again why isn't the state setting this up for them? Rodney Wise ______________________________________________________________________ The information contained in this e-mail is intended solely for the person(s) to whom it is addressed. This information is the property of the Graduate Management Admission Council(R) (GMAC(R)) and may be confidential. Any e-mail including its content may be monitored and used by GMAC® for reasons of security or compliance. E-mail monitoring / blocking software may also be used. If you are not the intended addressee, you should not distribute, copy, or disclose this e-mail. Please notify the sender immediately if you received this e-mail by mistake, and delete this email from your system.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Personal Info From PA. Welfare Rolls Stolen Henry Brown (Dec 06)
- Re: Personal Info From PA. Welfare Rolls Stolen Rodney (Dec 06)
- Re: Personal Info From PA. Welfare Rolls Stolen Al Mac Wheel (Dec 07)
- Re: Personal Info From PA. Welfare Rolls Stolen Al Mac Wheel (Dec 07)
- Re: Personal Info From PA. Welfare Rolls Stolen Dale Jordan (Dec 07)
- Re: Personal Info From PA. Welfare Rolls Stolen Brandt, Allen (Dec 07)
- Re: Personal Info From PA. Welfare Rolls Stolen Al Mac Wheel (Dec 07)
- Re: Personal Info From PA. Welfare Rolls Stolen Rodney (Dec 06)