[Dataloss] confirming victims of data breaches?
Rob Shavell
rshavell at identityforce.com
Mon Jul 21 22:50:31 UTC 2008
hi all,
as notification laws proliferate, i'm wondering, w/out a notification
letter, can consumers themselves really confirm if they are part of a
breach?
in my experience, calling up a company directly to ask if you are
affected by a breach results in a canned response saying "did you get
a letter"? or "contact your credit card company"
do companies have any responsibility to tell those who may have NOT
YET received a notification (state doesn't require it, moved,
whatever) that they are indeed affected? if not, doesn't this reality
counter the spirit of the laws and companies doing the right thing?
i understand that SSNbreach (and maybe others?) are trying to do
something about this. is there any way to empower consumers here?
rgds,
rob
___________________
Rob Shavell
Director of Compliance
IdentityForce
More information about the Dataloss
mailing list