BreachExchange mailing list archives

Re: They Take it Seriously? Oh, Sure

From: George Toft <george () myitaz com>
Date: Thu, 11 Jan 2007 07:18:21 -0700

In UC's defense, they have a very aggressive information protection 
policy - something like 150 pages of policy/procedure designed to 
protect information as required by GLBA (it's been a while since I read 
it, so my page count might be off).

I think they are the exception rather than the rule as they've done more 
than most to protect their data.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
623-203-1760

Confidential data protection experts for the financial industry.


Richard Forno wrote:

They Take it Seriously? Oh, Sure
January 9th, 2007 by Dan Gillmor

(I originally wrote this for PR Week magazine.)

Several weeks ago, UCLA acknowledged that some of its computers had been
hacked. Obeying a state law, it notified more than 800,000 people that their
personal data, including Social Security numbers, might have ended up in the
wrong hands.

The fact that the data got loose wasn¹t all that striking. Unfortunately,
that¹s all too common. What struck me was this statement from a hapless UCLA
honcho: ³We have a responsibility to safeguard personal information, an
obligation that we take very seriously.²

When and where have I heard that before? All kinds of times and places,
actually. It¹s becoming a mantra that means almost nothing.

Try this: Plug ³we take² and ³very seriously² into a Google News or Yahoo
News search. You¹ll get hundreds of hits, albeit some repeats, where some
big institution - corporate, educational, government, whatever - makes a
giant blunder and then issues a ³we take (insert the violated policy) very
seriously² statement.

< - >

http://citmedia.org/blog/2007/01/09/they-take-it-seriously-oh-sure/


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 529 incidents over 6 years.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 530 incidents over 7 years.

Current thread:

They Take it Seriously? Oh, Sure Richard Forno (Jan 10)
- Re: They Take it Seriously? Oh, Sure B.K. DeLong (Jan 10)
- Re: They Take it Seriously? Oh, Sure George Toft (Jan 11)
  - Re: They Take it Seriously? Oh, Sure Adrian Sanabria (Jan 20)
- <Possible follow-ups>
- Re: They Take it Seriously? Oh, Sure Sean Steele (Jan 10)
  - Message not available
    - Message not available
    - Re: They Take it Seriously? Oh, Sure B.K. DeLong (Jan 10)