BreachExchange mailing list archives
Re: [vanderaj () greebo net: SF new column announcement:Strict liability for data breaches?]
From: <MariaParedes () financial wellsfargo com>
Date: Tue, 21 Feb 2006 10:59:54 -0600
I completely agree on having the IT community provide input on the technical aspects for each of those acts. Ever since joining this list (less than a month), I've noticed a pattern: the data breaches across the US and the world seem to be a daily issue. Every time I read of another data loss, I question the security and policies of these major corporations in whom so many consumers trust their personal and financial information to.

I believe major changes need to happen in the data security arena and one of those should be to empower (and inform) the billions of affected individuals to take charge and follow suit for any company that mishandles their information. After all, why would I want to trust a company with my personal and/or financial data if they cannot assure me that it will be protected as their most valuable asset?

María G Paredes
OS Analyst
-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Adam Shostack
Sent: Tuesday, February 21, 2006 10:36 AM
To: Mike Fratto
Cc: dataloss () attrition org
Subject: Re: [Dataloss] [vanderaj () greebo net: SF new column announcement:Strict liability for data breaches?]

On Tue, Feb 21, 2006 at 11:30:02AM -0500, Mike Fratto wrote:
| On 2/20/06, Adam Shostack <adam () homeport org> wrote:
| > Interesting article. I wonder how many laptops need to be stolen for
| > it to be foreseeable.
|
| That's not the issue. The issue is did the company take due care?
|
| Since the regulations like GLBA, HIPAA, SOX 404, and others are so
| incredibly vague, the courts look to other things like "best
| practices". One way of defining that is "are they doing what their
| peers are doing to protect data." The idea being the collective has a
| better idea of a best practice than an individual. Stupid, I know, but
| that is the way it is. The courts need to go somewhere for guidance.

Sure. Doesn't the standard of due care depend (in part) on foreseeability? Eg, a normal person should foresee that kids will come play in their pool. IANAL.

Best practices also change quickly--from the introduction of radio to the time that a ship was expected to have a radio to avoid negligence wasn't all that long.

| I really think the regulations are written in a vacuum. Ever read the
| technical requirements for HIPAA? I doubt that they had any IT input.
| I could think of a dozen ways that I would have reworded each passage
| so that it was more specific on the required functions while still
| being flexible enough for future use. But that's just me.

Yes.

_______________________________________________
Dataloss mailing list
Dataloss () attrition org
https://attrition.org/mailman/listinfo/dataloss