BreachExchange mailing list archives
Re: Do Breach Notification Laws Work?
From: TSG <tglassey () earthlink net>
Date: Mon, 16 Mar 2009 07:22:16 -0700
Adam Shostack wrote:
> On Thu, Mar 12, 2009 at 06:12:44PM -0400, Jeffrey Walton wrote:
> | > breach notification letters as junk mail rather than acting to
> | > protect their identity, experts say.
> | It's unfortunate that consumer behavior is so predictable. Over
> | exposure has led to apathy in most cases. It's been an Achilles heel
> | for a lot of security initiatives: browser warnings, problematic
> | certificates, site redirection, etc. Users just click OK to keep
> | drilling on... Many do not even take the time to read the warning
> | message. Most who do read the warning do not understand it because
> | security folks and programmers are the authors of the warning. Mom and
> | Grandpop have no idea of what is being said in most instances.
>
> It would be great if consumer behavior were predictable, and security people bothered to try predicting their reactions to our efforts, rather than repeating the mistakes of the past.

The issue here is legal accountability for failing or refusing to release information about incompetence in the operations of the 'system where the leak occurred' in one form or another. And really has NOTHING to do with the bull-sh*t response regarding 'customer predictability' - this again is an issue where the law is very clear and technology and business people believe that they have a better way - or that they are not constrained by it. Something about what happens when we put on that white coat. Personally - it's time to start sending people to jail for refusing to meet the requirements of the law.

Todd Glassey