BreachExchange mailing list archives
Breach notification laws: When should companies tell all?
From: lyger <lyger () attrition org>
Date: Fri, 3 Mar 2006 11:13:08 -0500 (EST)
http://computerworld.com/securitytopics/security/story/0,10801,109161,00.html MARCH 02, 2006 (COMPUTERWORLD) - While there appears to be growing industry consensus that security breach notification laws have forced companies to take more responsibility for the data they own, there is little agreement on exactly when companies should be required to notify consumers when a data breach occurs. Ranged on one side of the debate are those who want alerts for any breach involving the potential exposure of sensitive data. On the other side are those who say that a higher disclosure threshold is needed to avoid overnotification and needless costs. "We clearly have a responsibility to safeguard customer information," said Kirk Herath, chief privacy officer and associate general counsel at Nationwide Mutual Insurance Co. in Columbus, Ohio. "If we lose information, it's our responsibility to inform consumers because that"s the only way they can protect themselves." However, many existing state laws have "hair-triggers" when it comes to disclosure requirements, he said. "I really think the standard for disclosure should be a clear risk of danger or harm to the consumer." [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- Breach notification laws: When should companies tell all? lyger (Mar 03)