BreachExchange mailing list archives
Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?]
From: "Mike Fratto" <mfratto () gmail com>
Date: Tue, 21 Feb 2006 11:30:02 -0500
On 2/20/06, Adam Shostack <adam () homeport org> wrote:
Interesting article. I wonder how many laptops need to be stolen for it to be forseeable.
That's not the issue. The issue is did the company take due care? Since the regulations like GLBA, HIPAA, SOX 404, and others are so incredibly vague, the courts look to other things like "best practices". One way of defininf that is "are they doing what their peers are doing to protect data." The idea being the collective has a better idea of a best practice than an individual. Stupid, I know, but that is the way it is. The courts need to go somewhere for guidance. I really think the regulations are written in a vacuum. Ever read the techincal requirements for HIPAA? I doubt that they had any IT input. I could think of a dozen ways that I would have reqorded each passage so that it was more specific on the required functions while still being flexible enough for future use. But that's just me. _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 20)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Mike Fratto (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Chris Walsh (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] blitz (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Doc (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] blitz (Feb 22)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Mike Fratto (Feb 21)
- Message not available