BreachExchange mailing list archives
Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?]
From: Adam Shostack <adam () homeport org>
Date: Tue, 21 Feb 2006 11:35:45 -0500
On Tue, Feb 21, 2006 at 11:30:02AM -0500, Mike Fratto wrote: | On 2/20/06, Adam Shostack <adam () homeport org> wrote: | > Interesting article. I wonder how many laptops need to be stolen for | > it to be forseeable. | | That's not the issue. The issue is did the company take due care? | | Since the regulations like GLBA, HIPAA, SOX 404, and others are so | incredibly vague, the courts look to other things like "best | practices". One way of defininf that is "are they doing what their | peers are doing to protect data." The idea being the collective has a | better idea of a best practice than an individual. Stupid, I know, but | that is the way it is. The courts need to go somewhere for guidance. Sure. Doesn't the standard of due care depend (in part) on foreseeability? Eg, a normal person should forsee that kids will come play in their pool. IANAL. Best practices also change quickly--from the introduction of radio to the time that a ship was expected to have a radio to avoid negligence wasn't all that long. | I really think the regulations are written in a vacuum. Ever read the | techincal requirements for HIPAA? I doubt that they had any IT input. | I could think of a dozen ways that I would have reqorded each passage | so that it was more specific on the required functions while still | being flexible enough for future use. But that's just me. Yes. _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 20)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Mike Fratto (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Chris Walsh (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] blitz (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Doc (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] blitz (Feb 22)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Adam Shostack (Feb 21)
- Re: [vanderaj () greebo net: SF new column announcement: Strict liability for data breaches?] Mike Fratto (Feb 21)
- Message not available