BreachExchange mailing list archives
How Data Laws Slap Insecure Companies
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 29 Apr 2010 16:13:20 -0400
http://www.forbes.com/2010/04/27/breach-disclosure-data-technology-security-laws.html?boxes=Homepagechannels A new study shows just how much data loss disclosure rules punish firms that have spilled sensitive information. Breach disclosure laws--the rules that require companies to alert customers or employees when they've lost control of their private data--may not always achieve their intention to prevent identity theft. But a new study suggests the laws bolster protections in a less direct way: by financially punishing companies that suffer data security mishaps. In an analysis of 133 companies in five countries, the privacy-focused nonprofit Ponemon Institute surveyed executives anonymously on the financial repercussions of data breaches they had experienced in the last year. The study found that American companies lost about $6.75 million on average as a result of data spillages, only slightly higher than the $6.6 million per incident that they experienced in 2009. Ponemon found a more significant trend: Companies in countries like the U.S. and Germany, which in most cases require firms to tell the affected individuals when their personal data has been spilled, experience far higher losses than companies in countries that allow breach victims to hide their data security incidents. [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- How Data Laws Slap Insecure Companies Jake Kouns (Apr 29)