BreachExchange mailing list archives

Re: Employee vs client data?


From: Adam Shostack <adam () homeport org>
Date: Mon, 16 Oct 2006 13:27:27 -0400

On Mon, Oct 16, 2006 at 12:45:28PM -0400, Dissent wrote:
| "B.K. DeLong" <bkdelong () pobox com> wrote:
| 
| > It would be cool if we could begin distinguishing whether it was
| > employee data that was lost or client data, (or both).
| 
| 
| It would be even cooler if our govt. actually had a clue what kinds of
| data were even on the thousands of govt. or govt contractor laptops
| etc. that have been lost or stolen by now.
| 
| I think we should have a separate "clueless index" as a running total
| of the number of as-yet-unrecovered lost or stolen laptops, computers,
| flash drives or media that are gone and where we have no idea in h*ll
| what was even on them.

While I agree with you and share your frustration, I think it's very
important to realize that the data we're getting is under threat of
being taken away by federal legislation.  That legislation is being
driven by the apparently reasonable demand to "harmonize" and add a
ceiling to existing laws.

I'm working very hard to generate awareness of the long term value we
get from the temporary pain, and in doing so, would like to hold down
the level of pain to no more than it needs to be.  Calling people
clueless, while fun, and perhaps even sometimes accurate, isn't going
to get us where I think we want to go, which is greater and more
consistent disclosure of problems.

Adam
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.


