BreachExchange mailing list archives
Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents
From: Adam Shostack <adam () homeport org>
Date: Thu, 5 Jun 2008 11:01:57 -0400
There's also no evidence that the laws reduce baggy pants. But that was't their intent either. Their intent was to reduce the *impact* of id theft. Adam On Thu, Jun 05, 2008 at 05:20:00AM +0000, Paul Ferguson wrote: | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | If anyone finds a link to the CMU report, please forward it to | the list. | | Via ComputerWorld. | | [snip] | | Over the past five years, 43 U.S. states have adopted data breach | notification laws, but has all of this legislation actually cut down on | identity theft? Not according to researchers at Carnegie Mellon University | who have published a state-by-state analysis of data supplied by the U.S. | Federal Trade Commission (FTC). | | "There doesn't seem to be any evidence that the laws actually reduce | identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon | who is one of the paper's authors. | | Romanosky's team took a state-by-state look at FTC identity theft | complaints filed between 2002 and 2006 to see whether there was a | noticeable impact on complaints in states that had adopted data breach | notification laws such as California's SB 1386, which compels companies and | institutions to notify state residents when their personal information has | been lost or stolen. Their paper is set to be presented at a conference on | Information Security Economics held at Dartmouth College later this month. | | [snip] | | More: | http://www.computerworld.com/action/article.do?command=viewArticleBasic&art | icleId=9093659 | | - - ferg | | -----BEGIN PGP SIGNATURE----- | Version: PGP Desktop 9.6.3 (Build 3017) | | wj8DBQFIR3d8q1pz9mNUZTMRAtjSAKCiepk/4oEETO5heMLRAPZx+8E2gwCfVenZ | tzWLNWN3geNZwCkMsfKebes= | =RgQy | -----END PGP SIGNATURE----- | | | -- | "Fergie", a.k.a. Paul Ferguson | Engineering Architecture for the Internet | fergdawg(at)netzero.net | ferg's tech blog: http://fergdawg.blogspot.com/ | | _______________________________________________ | Dataloss Mailing List (dataloss () attrition org) | http://attrition.org/dataloss | | Tenable Network Security offers data leakage and compliance monitoring | solutions for large and small networks. Scan your network and monitor your | traffic to find the data needing protection before it leaks out! | http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Researchers Say Notification Laws Are Not Lowering ID Theft Incidents Paul Ferguson (Jun 04)
- Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents lyger (Jun 04)
- Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents Henry Brown (Jun 05)
- Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents Adam Shostack (Jun 05)
- Re: Researchers Say Notification Laws Are Not Lowering ID Theft Incidents Chris Walsh (Jun 07)