Re: Senator questions FBI on ChoicePoint contract

[Chris Walsh <cwalsh () cwalsh org>]

On Fri, Apr 07, 2006 at 01:30:25PM -0400, security curmudgeon wrote:
> Seems like such an incident would take a lot to recover from. So, for the 
> list subscribers, what would it take for you to resume business with a 
> company that lost your data?

"It depends".

If a mom and pop operation trusted a consultant to set up their POS
system, and they exposed my CC#, but fixed it fast and put in measures
to detect/prevent a recurrence, I'd continue to do business.

If a hospital, pharmacy, or HR benefits service provider exposed
my data via a screwup on the level of CardSystems, I would (assuming
I had a choice) never, ever, go back.  In fact, to use the benefits 
provider or pharmacy examples, I would inform future employers during
the negotiation/offer process that their routing my PII through these
outfits was a deal killer.

Especially where there is competition (Big 4, please pay attention),
this is a way to effect change, IMO.

In other words, could they have known, should they have known, how much
was actually put at risk, and what did they do about it would all be
things I would use in my decision-making.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/