BreachExchange mailing list archives
Fw: Data breach notification survey
From: "TSG" <tglassey () earthlink net>
Date: Thu, 12 Jun 2008 16:30:08 -0700
----- Original Message -----
From: "TSG" <tglassey () earthlink net>
To: "Edward White" <ewhite () avrenter com>
Cc: <dataloss () attrition org>
Sent: Thursday, June 12, 2008 4:19 PM
Subject: Re: [Dataloss] Data breach notification survey

I like this idea Edward - but I am going to put on my devil's advocate hat here and push back. Don't get the wrong idea - I want to proceed with your suggestion but I also want to point out some other things...

Todd

----- Original Message -----
From: "Edward White" <ewhite () avrenter com>
To: "TSG" <tglassey () earthlink net>
Cc: <dataloss () attrition org>
Sent: Thursday, June 12, 2008 10:14 AM
Subject: RE: [Dataloss] Data breach notification survey

Todd and All who would like to make a difference,

Let's break the problem into its component parts

1) Personal Data held by companies

TSG: Which is constrained by the different regulatory frameworks.

2) Personal data out in the open

Let's put all of our ideas together to fix the problem with breaches of personal data and craft a letter that will put our ideas into action.

TSG: the key to all of this is that the industry is still reeling from its SOX spankings. Those were the huge costs that it cost to become SOX compliant. The problem is it wasn't SOX that was the culprit - it was the sloppy and uncontrolled methods that people used to use to try and skate around the sides of the requirements. The issue isn't SOX or any other Federal Law other than the Rules of Evidence which are where the rubber meets the road. What people are pushing back against is the costs of meeting the new Digital Evidence Competency costs and my reaction to many of them is that as an Auditor I will not sign off on their externals without this in place.

TSG: As a shareholder my response would be a little different - I may litigate their gross negligence as well unless they come up with a strong Evidence Capture and Anti-spoliation Position and Practice.

I know the right senator's office to start with and then will get their input for a final letter that I will hand deliver to every Senator's and Congressman's office in Washington, DC

It may take 6 months to a year + to get the ideas into Law.

This is our Country and the Senate and the Congress work for us. Let's fix the issue.

TSG: The issue is easily fixed through civil litigation under Qui Tam. Trust me - most civil attorneys don't see this one, but if you properly analyze the US Law you will find that Qui Tam under the False Claims Act is huge. For instance ALL of the ENRON Victims probably still have recovery rights against the officers of ENRON itself. Likewise would any of those shareholders of companies who were dinged in the back-dating scandal as well...

There are many smart people in this country and we need to rise to the challenge.

Thanks
Ed
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss