BreachExchange mailing list archives

Re: rant: Useless Compensation for Data Loss Incidents


From: Al Mac Wheel <macwheel99 () wowway com>
Date: Thu, 12 Jun 2008 10:57:37 -0500

Keep thinking ... hopefully your great ideas will help "bridge" us to 
better ones.

A problem here is that for many id theft victims, there is no clear link to 
which breach led to them becoming a victim.  Many of us have had multiple 
alerts that one place or another breached our private information.  Prior 
threads have shown that there may be many breaches going on that are not 
getting reported.

If there is to be serious help for id victims, I believe it could be funded 
out of some insurance fund that is populated by outfits with known 
breaches, so that all victims get consistent assistance, probably inadequate.

I personally have id theft insurance from Allstate.  The deal is that 
Allstate has a private detective firm on retainer, on behalf of their 
policy holders, that will perform a service very similar to what you 
describe, in the event I join the ranks of an id theft victim.  This is a 
rider on my personal property insurance policy.  I am also taking personal 
life style choices to try to reduce the risk of me having to cash in that 
policy.

Derek Rigsby wrote:
I am certainly biased and for that reason usually keep my comments to
myself.  In this case I am compelled to speak up.  I could not agree more
that credit monitoring is not a solution for victims of a breach event.  I
also believe a victim of a breach event cannot "prevent" the fraudulent use
of one's identity.  However, victims can have all aspects of their identity
(except medical records protected by HIPAA) restored to 100% of their
pre-theft status.  I am not talking about a do it yourself manual.  Victims
should be assigned a dedicated recovery advocate armed with a limited power
of attorney.  This POA gives an advocate the authority to do the recovery
work on behalf of the victim.  At the same time the information gleaned from
the recovery process can be shared with authorities in an effort to help
prosecute the criminals that committed the identity theft.

At some point a victim will learn that their identity has been used
fraudulently regardless of whether or not they have credit monitoring.
After the victim suspects fraudulent activity they should be required to
file a police report.  That report will cut down on victims trying to get
their legitimate big screen TV purchase written off as id theft since filing
a false report is a crime.  Then the company that experienced the breach
should pay for a fully managed recovery and warranty the restoration for 3
years.  The cost of doing this would be less than that of blanket credit
monitoring programs and the victim is better off in the long run.

Again I am not trying to use this rant to sell product.  I just believe it
is an actual solution to post mortem breach responses.  It best serves the
victim, offers a lower price to the company breached (we will all pay higher
prices to cover these costs in the end) and it helps our overstretched law
enforcement deal with the overwhelming surge in identity theft.


Derek Rigsby
720.278.0756
Derek.Rigsby () idcure com

<snip> earlier

Al Macintyre
Computer Professional


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
