BreachExchange mailing list archives
Re: A data security breach legislation question
From: "Michael Hill, CITRMS" <mhill () idtexperts com>
Date: Wed, 12 Mar 2008 15:05:42 -0400
I couldn't agree with you more that credit monitoring that companies offer after the breach is misleading the individuals that they are now protected in becoming a victim. And offer it for one year as if they'll be OK after the year is up.

With that being said, almost half of the recent 10 breaches are from the medical industry. Medical identity theft has been prominently featured in numerous magazines and television in the last 8–10 months, but most experts don’t know what to do with it. Many are recommending or providing credit monitoring as a solution; but what is it about someone using your medical information that would ever make you think that it could be detected by credit monitoring? I'd have to say the same for fraud alerts and credit freezes.

Mike

Michael Hill
Certified Identity Theft Risk Management Specialist
IDT Consultants
404-216-3751
"If You Think You're Not At Risk, Think Again!"

NOTICE: This email and any attachment to it is confidential and protected by law and intended for the use of the individual(s) or entity named on the email. This information and all email information from the sender is not legal advice nor legal representation and should not be construed as legal advice nor legal representation. Check with your attorney in your State for legal advice. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication is prohibited. If you have received this communication in error, please notify the sender via return email and delete it completely from your email system. If you have printed a copy of the email, please destroy it immediately.

----- Original Message -----
From: Craig Muller
To: dataloss () attrition org
Sent: Wednesday, March 12, 2008 11:25 AM
Subject: Re: [Dataloss] A data security breach legislation question

Hi Rob,

I believe companies are offering credit monitoring because they are concerned with lawsuits and public perception. Little do they know that credit monitoring is a costly and less effective solution than one of the free alternatives, fraud alerts. It’s unfortunate that promotion of credit monitoring gives the false impression that consumers are protected from identity theft if they pay for credit monitoring. I would much rather get a phone call when someone is attempting to access my credit report (fraud alerts) than to be notified electronically after it has been accessed. Plus the fraud alert is free.

Regards,
Craig

Craig Muller
VP Identity Services
714.417.9984
craig () freeidentityprotect com
www.freeidentityprotect.com

----- Original Message -----
From: "Rob Shavell" <slvrspoon () gmail com>
To: <dataloss () attrition org>
Sent: Wednesday, March 12, 2008 7:30 AM
Subject: Re: [Dataloss] A data security breach legislation question

> hi all,
> the question i have around US data breach notification legislation is this:
>
> "why are we counting states?"
>
> if most legislation applies to affected record-holders if they are
> residents and 95% of breaches already either happen in a state with a
> law or include records of persons residing in such states, then...
> hasn't this basically become a necessity?
>
> in other words, organizations had better just notify to be in compliance.
>
> following from this: what is the importance to an organization of
> reading through particulars of state by state legislation when they
> can just follow California, notify everyone, and be in compliance?
>
> bonus question: in your opinion, why are so many companies choosing to
> include credit monitoring services for those affected? a) altruism b)
> just not that costly c) concern about downstream law-suits d) ?
>
> rgds,
> rob
>
>
> On 10/03/2008, Susan Orr <susan () susanorrconsulting com> wrote:
>> I was just looking at the various states the other day, and there are
>> some differences - some exempt encrypted information, some exclude
>> financial institutions and others that are covered under other existing
>> federal and state laws like GLBA. One state I believe exempts "state
>> agencies" Oklahoma I think.
>>
>> Didn't know it was up to 40, last I saw was 38. I'll have to check it
>> out, thanks.
>>
>>
>> Rebecca Herold wrote:
>> > Counting the District of Columbia, as of the end of October it was 40; see
>> > http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
>> >
>> > Best regards,
>> >
>> > Rebecca Herold
>> > ----- Original Message -----

No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date: 3/11/2008 1:41 PM

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml