Commentary on data breach laws

[Henry Brown <hbrown () knology net>]

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9096538
Opinion: Breach laws fail to protect anyone

By Bart Lazar

 The database security laws passed by 39 states cause businesses 
substantial expense. Although the goal of these laws is to prevent 
identity theft, there is no credible evidence that demonstrates that the 
supposed benefit to consumers outweighs the administrative burden and 
expense caused to companies. Because the alleged benefits are illusory, 
a company's time and resources would be better spent on proactive 
efforts to prevent data breaches.

With security breaches at major companies frequently in the news, 
legislators feel pressured to pass laws to protect consumers. No 
politician wants to be viewed as being soft on identity theft. However, 
legislatures have not passed proactive laws that would prevent theft, 
but reactive ones that impose substantial burdens on companies.

[...]

Ultimately, the privacy and security interests of our citizens may be 
better served if the money spent on reacting to security breaches as 
part of a legislated incident response instead was invested on a 
proactive basis into security infrastructure and training.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml