BreachExchange mailing list archives
Re: Data breach notification survey
From: "Edward White" <ewhite () avrenter com>
Date: Thu, 12 Jun 2008 12:15:30 -0400
Here is a novel idea:

1) Companies should not be able to buy and sell personal information.
2) Companies, mainly retailers, should not be able to keep information swiped via a credit card or any other card past the time of payment.
3) If companies are required to keep any personal data for any reason and for any amount of time, they should be required to protect the data with encryption.

If the companies violate any of these points the CEO, CFO and CIO should have to go to jail for 90 days. There should be a time period of 6 months to complete the protection. After the first set of executives goes to jail for 90 days most of the companies will be compliant very quickly.

If you do not have the data, you cannot lose it; if you protect the data it can't be used. This should knock out most of the problems and guess what the companies will not have the liability issue :)

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Henry Brown
Sent: Thursday, June 12, 2008 12:04 PM
To: dataloss () attrition org
Subject: [Dataloss] Data breach notification survey

From clearswift.com press release
http://www.clearswift.com/news/item.aspx?ID=1465

[...]

Results highlights:
78% of IT decision-makers don't believe the general public should be informed if a data breach occurs;
54% of U.S. IT decision-makers are unaware of data breach disclosure laws;
53% are in favor of legislation that would force companies to publicly declare a data breach if it occurred;
38% are in favour of legislation that would make negligent loss of personal information a criminal offence;
19% of companies have suffered a data loss in the last 12-18 months; 50% more than once;
38% of IT managers have seen their annual IT spends increased by as much as 10% since data breach notification legislation were introduced.

[...]

While respondents felt the general public did not need to know (78%), they did indicate that affected customers and partners should be informed (95%) while less than half of them felt that industry regulators (42%) or even the police (35%) should be notified.

[...]

All the above figures, unless otherwise stated are from Clearswift. Total sample size was 3 340 US IT decision makers. Fieldwork was undertaken between March 10 and April 10, 2008. The survey was completed online.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

__________ Information from ESET NOD32 Antivirus, version of virus signature database 3181 (20080612) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Current thread:
- Data breach notification survey Henry Brown (Jun 12)
- Re: Data breach notification survey Edward White (Jun 12)
- Re: Data breach notification survey TSG (Jun 12)
- <Possible follow-ups>
- Fw: Data breach notification survey TSG (Jun 12)
- Re: Data breach notification survey Edward White (Jun 12)