BreachExchange mailing list archives

Re: CEOs deserve jail for data breaches


From: "Allan Friedman" <allan_friedman () ksgphd harvard edu>
Date: Wed, 9 Apr 2008 09:26:33 -0400

The only reason to advocate this sort of measure is if we have
concrete proof that the personal-punishment type laws are more
effective than the other alternatives that have been discussed on this
list, including *effective* liability models or a shared culture of
openness and communication to prevent future breaches.

Personal criminal charges seem to be the worst of both worlds: strong
incentives not to share any information, and no real attempt to help
those hurt by breaches.

Has anyone seen any good research about the personal-responsibility
rules in SOX?
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
