BreachExchange mailing list archives

Re: Do Breach Notification Laws Work?


From: Chris Walsh <chris () cwalsh org>
Date: Mon, 16 Mar 2009 09:24:06 -0500

A cynic would argue that the notification letters, while compliant
with the relevant laws, are designed to have precisely the effect they
are reported here to be having.

cw


On Sun, Mar 15, 2009 at 8:51 AM, Adam Shostack <adam () homeport org> wrote:
On Thu, Mar 12, 2009 at 06:12:44PM -0400, Jeffrey Walton wrote:
| > breach notification letters as junk mail rather than acting to
| > protect their identity, experts say.
| It's unfortunate that consumer behavior is so predictable. Overexposure
| has led to apathy in most cases. It's been an Achilles heel
| for a lot of security initiatives: browser warnings, problematic
| certificates, site redirection, etc. Users just click OK to keep
| drilling on... Many do not even take the time to read the warning
| message. Most who do read the warning do not understand it because
| security folks and programmers are the authors of the warning. Mom and
| Grandpop have no idea of what is being said in most instances.

It would be great if consumer behavior were predictable, and security
people bothered to try predicting their reactions to our efforts,
rather than repeating the mistakes of the past.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
