Re: Personal Info From PA. Welfare Rolls Stolen

["Brandt, Allen" <abrandt () gmac com>]

There are about 39 state laws currently in effect. Most require
notification to the effected individuals, a few require notification to
the state attorney general or other office, and a very few require
notification to the credit bureaus. None require ID theft protection, or
much of anything else beyond being notified.

 

When a business or organization offers the service, it's done for
customer service or PR reasons, not a legal requirement.

 

The few court cases on the subject have thrown out those where the
people could not show actual damages or loss from the breach, and tried
being the action because they were concerned about a future ID theft, so
it appears that the trend may be to compensate victims only where they
can show an actual loss. And this being from a state agency, that
becomes even tougher.

 

________________________________

From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Rodney
Sent: Thursday, December 06, 2007 8:21 PM
To: dataloss () attrition org
Subject: Re: [Dataloss] Personal Info From PA. Welfare Rolls Stolen

 


On Thu, 2007-12-06 at 18:50 -0600, Henry Brown wrote:



The Department of Public Welfare began mailing letters Wednesday warning

the recipients to take steps to protect themselves from identity theft, 
agency spokeswoman Anne Bale said.


This strikes me as odd and I have a couple of questions for the group.

1. If your data is lost and there is a clear "at fault" party as seems
to be the case here (the data was unencrypted) they isn't the "at fault
party supposed to provide ID theft protection? Is that a law or just
something done to reduce damages should they ever be sued over release
of personally identifiable information without informed consent?

2. If it is welfare rolls, then these people can't afford to do this on
their own, so again why isn't the state setting this up for them?

Rodney Wise 


______________________________________________________________________
The information contained in this e-mail is intended solely for the person(s) to whom it is addressed. This information 
is the property of the Graduate Management Admission Council(R) (GMAC(R)) and may be confidential. Any e-mail including 
its content may be monitored and used by GMAC® for reasons of security or compliance. E-mail monitoring / blocking 
software may also be used. If you are not the intended addressee, you should not distribute, copy, or disclose this 
e-mail. Please notify the sender immediately if you received this e-mail by mistake, and delete this email from your 
system.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml