BreachExchange mailing list archives
Commentary on data breach laws
From: Henry Brown <hbrown () knology net>
Date: Sat, 14 Jun 2008 07:38:43 -0500
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9096538 Opinion: Breach laws fail to protect anyone By Bart Lazar The database security laws passed by 39 states cause businesses substantial expense. Although the goal of these laws is to prevent identity theft, there is no credible evidence that demonstrates that the supposed benefit to consumers outweighs the administrative burden and expense caused to companies. Because the alleged benefits are illusory, a company's time and resources would be better spent on proactive efforts to prevent data breaches. With security breaches at major companies frequently in the news, legislators feel pressured to pass laws to protect consumers. No politician wants to be viewed as being soft on identity theft. However, legislatures have not passed proactive laws that would prevent theft, but reactive ones that impose substantial burdens on companies. [...] Ultimately, the privacy and security interests of our citizens may be better served if the money spent on reacting to security breaches as part of a legislated incident response instead was invested on a proactive basis into security infrastructure and training. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Commentary on data breach laws Henry Brown (Jun 14)