BreachExchange mailing list archives
Re: confirming victims of data breaches?
From: "Brad Putnam" <bputnam () digitalcomply com>
Date: Mon, 21 Jul 2008 17:50:25 -0600
Hi Rob; I have to tell you, this is one of the best questions I've seen in regard to helping consumers. To my knowledge, there are zero laws that compel a company to come clean upon verbal request of a client. Obviously, it would be good for the individual consumer; however, it could also be used nefariously. Steal a DB, call and confirm the data is good. Your point is well taken and I need to think on it a bit... I would love opinion on the subject, but I don't want to request anything without the permission of Attrition folks to utilize their list... Lastly, this is one of the best managed mail lists I've been a party to. Thank you Lyger and Co! Best regards, BP Brad Putnam President and CEO Digital Compliance, LLC PO Box 792 Billings, MT. 59103 406-325-9737 Phone 406-325-9738 Fax BPutnam () digitalcomply com This email communication may contain CONFIDENTIAL INFORMATION WHICH ALSO MAY BE LEGALLY PRIVILEGED and is intended only for the use of the intended recipients identified above. If you are not the intended recipient of this communication, you are hereby notified that any unauthorized review, use, dissemination, distribution, downloading, or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by reply email, delete the communication and destroy all copies. -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Rob Shavell Sent: Monday, July 21, 2008 4:51 PM To: dataloss () attrition org Subject: [Dataloss] confirming victims of data breaches? hi all, as notification laws proliferate, i'm wondering, w/out a notification letter, can consumers themselves really confirm if they are part of a breach? in my experience, calling up a company directly to ask if you are affected by a breach results in a canned response saying "did you get a letter"? or "contact your credit card company" do companies have any responsibility to tell those who may have NOT YET received a notification (state doesn't require it, moved, whatever) that they are indeed affected? if not, doesn't this reality counter the spirit of the laws and companies doing the right thing? i understand that SSNbreach (and maybe others?) are trying to do something about this. is there any way to empower consumers here? rgds, rob ___________________ Rob Shavell Director of Compliance IdentityForce _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- confirming victims of data breaches? Rob Shavell (Jul 21)
- Re: confirming victims of data breaches? Brad Putnam (Jul 21)
- Re: confirming victims of data breaches? DAIL, WILLARD A (Jul 22)
- Re: confirming victims of data breaches? Mike Simon (Jul 22)
- Re: confirming victims of data breaches? DAIL, WILLARD A (Jul 22)
- Re: confirming victims of data breaches? DAIL, WILLARD A (Jul 22)
- Re: confirming victims of data breaches? Brad Putnam (Jul 21)