Re: Data breach notification survey

["TSG" <tglassey () earthlink net>]

I agree... but the government and congress will never do this. The only way 
to make it work is sue over copyright issues to the information itself. 
Creating a virtual trademark per se, that is composed of the personal 
information might work for this.

Todd Glassey

----- Original Message ----- 
From: "Edward White" <ewhite () avrenter com>
To: "Henry Brown" <hbrown () knology net>
Cc: <dataloss () attrition org>
Sent: Thursday, June 12, 2008 9:15 AM
Subject: Re: [Dataloss] Data breach notification survey


> Here is a novel idea:
> 1) Companies should not be able to buy and sell personal information.
>
> 2) Companies, mainly retailers, should not be able to keep information
> swiped via a credit card or any other card past the time of payment
>
> 3) If Companies are required to keep any personal data for any reason
> and for any amount of time; they should be required to protect the data
> with encryption
>
> If the companies violate any of these points the CEO, CFO and CIO should
> have to go to jail for 90 days.  There should be a time period of 6
> months to complete the protection.  After the first set of executives
> goes to jail for 90 days most of the companies will be compliant very
> quickly.  If you do not have the data, you can not lose it; if you
> protect the data it can't be used.  This should knock out most of the
> problems and guess what the companies will not have the liability issue
> :)
>
> -----Original Message-----
> From: dataloss-bounces () attrition org
> [mailto:dataloss-bounces () attrition org] On Behalf Of Henry Brown
> Sent: Thursday, June 12, 2008 12:04 PM
> To: dataloss () attrition org
> Subject: [Dataloss] Data breach notification survey
>
> From clearswift.com press release
> http://www.clearswift.com/news/item.aspx?ID=1465
>
> [...]
> Results highlights:
>
> 78% of IT decision-makers don't believe the general public should be
> informed if a data breach occurs;
> 54% of U.S. IT decision-makers are unaware of data breach disclosure
> laws;
> 53% are in favor of legislation that would force companies to publicly
> declare a data breach if it occurred; 38% are in favour of legislation
> that would make negligent loss of personal information a criminal
> offence;
> 19% of companies have suffered a data loss in the last 12-18 months; 50%
>
> more than once;
> 38% of IT managers have seen their annual IT spends increased by as much
>
> as 10% since data breach notification legislation were introduced.
>
> [...]
>
> While respondents felt the general public did not need to know (78%),
> they did indicate that affected customers and partners should be
> informed (95%) while less than half of them felt that industry
> regulators (42%) or even the police (35%) should be notified.
>
> [...]
>
> All the above figures, unless otherwise stated are from Clearswift.
> Total sample size was 3 340 US IT decision makers. Fieldwork was
> undertaken between March 10 and April 10, 2008. The survey was completed
>
> online.
>
> [...]
>
>
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor
> your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3181 (20080612) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3181 (20080612) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml 

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml