[Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents
Paul Ferguson
fergdawg at netzero.net
Thu Jun 5 05:20:00 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If anyone finds a link to the CMU report, please forward it to
the list.
Via ComputerWorld.
[snip]
Over the past five years, 43 U.S. states have adopted data breach
notification laws, but has all of this legislation actually cut down on
identity theft? Not according to researchers at Carnegie Mellon University
who have published a state-by-state analysis of data supplied by the U.S.
Federal Trade Commission (FTC).
"There doesn't seem to be any evidence that the laws actually reduce
identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon
who is one of the paper's authors.
Romanosky's team took a state-by-state look at FTC identity theft
complaints filed between 2002 and 2006 to see whether there was a
noticeable impact on complaints in states that had adopted data breach
notification laws such as California's SB 1386, which compels companies and
institutions to notify state residents when their personal information has
been lost or stolen. Their paper is set to be presented at a conference on
Information Security Economics held at Dartmouth College later this month.
[snip]
More:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
icleId=9093659
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFIR3d8q1pz9mNUZTMRAtjSAKCiepk/4oEETO5heMLRAPZx+8E2gwCfVenZ
tzWLNWN3geNZwCkMsfKebes=
=RgQy
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the Dataloss
mailing list