BreachExchange mailing list archives

Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents


From: Henry Brown <hbrown () knology net>
Date: Thu, 05 Jun 2008 06:49:44 -0500

A link to the paper by Sasha Romanosky and others 
http://weis2008.econinfosec.org/papers/Romanosky.pdf

Another "article" on the 20-page paper:
http://news.idg.no/cw/art.cfm?id=56E28F72-17A4-0F78-3155C53BCC1D1B0D

Researchers say notification laws not lowering ID theft

[...]

Because reports to the FTC are incomplete, it's hard to draw conclusions 
from the data, said Gartner analyst Avivah Litan. But she noted that 
while breach laws have made lost laptops front-page news, many companies 
have responded to tighter laws and regulations by focusing more on 
compliance than on security.

Often, that's not good enough to protect customers from ID theft, she 
said. "If you just meet the letter of the law you may pass an audit, but 
you have to pass the spirit of the law."

Romanosky admits that there may be problems in the methodology used by 
his team. And while he noted that the data -- compiled from 
self-reported complaints -- may not be perfect, the FTC database is the 
only source of this type of information.

[...]

-------- Original Message --------
Subject: [Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents
From: Paul Ferguson <fergdawg () netzero net>
To: dataloss () attrition org
Date: 6/5/2008 12:20 AM

If anyone finds a link to the CMU report, please forward it to
the list.

Via ComputerWorld.


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
