Fw: Data breach notification survey

["TSG" <tglassey () earthlink net>]

----- Original Message ----- 
From: "TSG" <tglassey () earthlink net>
To: "Edward White" <ewhite () avrenter com>
Cc: <dataloss () attrition org>
Sent: Thursday, June 12, 2008 4:19 PM
Subject: Re: [Dataloss] Data breach notification survey


> I like this idea Edward - but I am going to put on my devils' advocate hat 
> here and push back.
>
> Don't get the wrong idea - I want to proceed with your suggestion but I 
> also want to point out some other things...
>
>
> Todd
>
> ----- Original Message ----- 
> From: "Edward White" <ewhite () avrenter com>
> To: "TSG" <tglassey () earthlink net>
> Cc: <dataloss () attrition org>
> Sent: Thursday, June 12, 2008 10:14 AM
> Subject: RE: [Dataloss] Data breach notification survey
>
>
> Todd and All who would like to make a difference,
> Let's break the problem into its component parts
>
> 1) Personal Data held by companies
>
> TSG: Which is constrained by the different regulatory frameworks.
>
> 2) Personal data out in the open
>
> Let's put all of our ideas together to fix the problem with breaches of
> personal data and craft a letter that will put our ideas into action.
>
> TSG: the key to all of this is that the industry is still reeling from its 
> SOX spanking's. Those were the huge costs that it cost to become SOX 
> compliance. The problem is it wasnt SOX that was the culprate - it was the 
> sloppy and uncontrolled methods that people used to use to try and scate 
> around the sides of the requirement's. The issue isnt SOX or any other 
> Federal Law other than the Rules of Evidence which are where the rubber 
> meets the road. What people are pushing back against is the costs of 
> meeting the new Digital Evidence Competency costs and my reaction to many 
> of them is that as an Auditor I will not sign off on their external's 
> without this in place.
>
> TSG: As a shareholder My response would be a littel different - I may 
> litigate their gross negligence as well unless they come up with a strong 
> Evidence Capture and Anti-spoliation Position and Practice.
>
> I know the right senators office to start with and then will get their
> input for a final letter that I will hand deliver to every Senators and
> Congressman's office in Washington, DC
>
> It may take 6 months to a year + to get the ideas into Law.  This is our
> Country and the Senate and the Congress work for us.  Let's fix the
> issue.
>
> TSG: The issue is easily fixed through civil litigation under Qui Tam. 
> Trust me - most civil attorney's dont see this one, but if you properly 
> analyze the US Law you will find that Qui Tam under the False Claims Act 
> is huge. For instance ALL of the ENRON Victims probably still have 
> recovery rights against the officers of ENRON itself. Likewise would any 
> of those shareholders of company's who were dinged in the back-dating 
> scandle as well...
>
> There are many smart people in this country and we need to rise to the
> challenge.
>
> Thanks
> Ed

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml