[Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents

Henry Brown hbrown at knology.net
Thu Jun 5 11:49:44 UTC 2008

A link to the paper by Sasha Romanosky and others 

Another  "article"  on the 20 page paper..

Researchers say notification laws not lowering ID theft


Because reports to the FTC are incomplete, it's hard to draw conclusions 
from the data, said Gartner analyst Avivah Litan. But she noted that 
while breach laws have made lost laptops front-page news, many companies 
have responded to tighter laws and regulations by focusing more on 
compliance than on security.

Often, that's not good enough to protect customers from ID theft, she 
said. "If you just meet the letter of the law you may pass an audit, but 
you have to pass the spirit of the law."

Romanosky admits that there may be problems in the methodology used by 
his team. And while he noted that the data -- compiled from 
self-reported complaints -- may not be perfect, the FTC database is the 
only source of this type of information.


-------- Original Message --------
Subject: [Dataloss] Researchers Say Notification Laws Are Not Lowering 
ID    Theft Incidents
From: Paul Ferguson <fergdawg at netzero.net>
To: dataloss at attrition.org
Date: 6/5/2008 12:20 AM
> Hash: SHA1
> If anyone finds a link to the CMU report, please forward it to
> the list.
> Via ComputerWorld.

More information about the Dataloss mailing list