BreachExchange mailing list archives
Re: rant: Useless Compensation for Data Loss Incidents
From: Al Mac Wheel <macwheel99 () wowway com>
Date: Thu, 12 Jun 2008 10:57:37 -0500
Keep thinking ... hopefully your great ideas will help "bridge" us to better ones. A problem here is that for many id theft victims, there is no clear link to which breach led to them becoming a victim. Many of us have had multiple alerts that one place or another breached our private information. Prior threads have shown that there may be many breaches going on that are not getting reported. It there is to be serious help for id victims, I believe it could be funded out of some insurance fund that is populated by outfits with known breaches, so that all victims get consistent assistance, probably inadequate. I personally have id theft insurance from Allstate. The deal is that Allstate has a private detective firm on retainer, on behalf of their policy holders, that will perform a service very similar to what you describe, in the event I join the ranks of an id theft victim. This is a rider on my personal property insurance policy. I am also taking personal life style choices to try to reduce the risk of me having to cash in that policy. , Derek Rigsby wrote:
I am certainly biased and for that reason usually keep my comments to myself. In this case I am compelled to speak up. I could not agree more that credit monitoring is not a solution for victims of a breach event. I also believe a victim of a breach event cannot "prevent" the fraudulent use of ones identity. However, victims can have all aspects of their identity (except medical records protected by HIPPA) restored to 100% of their pre-theft status. I am not talking about a do it yourself manual. Victims should be assigned a dedicated recovery advocate armed with a limited power of attorney. This POA gives an advocate the authority to do the recovery work on behalf of the victim. At the same time the information gleaned from the recovery process can be shared with authorities in an effort to help prosecute the criminals that committed the identity theft. At some point a victim will learn that their identity has been used fraudulently regardless of whether or not they have credit monitoring. After the victim suspects fraudulent activity they should be required to file a police report. That report will cut down on victims trying to get their legitimate big screen TV purchase written off as id theft since filing a false report is a crime. Then the company that experienced the breach should pay for a fully managed recovery and warranty the restoration for 3 years. The cost of doing this would be less than that of blanket credit monitoring programs and the victim is better off in the long run. Again I am not trying to use this rant to sell product. I just believe it is an actual solution to post mortem breach responses. It best serves the victim, offers a lower price to the company breached (we will all pay higher prices to cover these costs in the end) and it helps our overstretched law enforcement deal with the overwhelming surge in identity theft. Derek Rigsby 720.278.0756 Derek.Rigsby () idcure com
<snip> earlier Al Macintyre Computer Professional _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- rant: Useless Compensation for Data Loss Incidents lyger (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents DAIL, WILLARD A (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents M Barnett - TIFRM (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Michael Hill, CITRMS (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Derek Rigsby (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Al Mac Wheel (Jun 12)
- Re: rant: Useless Compensation for Data Loss Incidents Michael Hill, CITRMS (Jun 11)
- <Possible follow-ups>
- Re: rant: Useless Compensation for Data Loss Incidents MKEVHILL (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents David Metcalf (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Nell Walton (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents David Metcalf (Jun 11)