[Dataloss] Fw: Data breach notification survey

TSG tglassey at earthlink.net
Thu Jun 12 23:30:08 UTC 2008


----- Original Message ----- 
From: "TSG" <tglassey at earthlink.net>
To: "Edward White" <ewhite at avrenter.com>
Cc: <dataloss at attrition.org>
Sent: Thursday, June 12, 2008 4:19 PM
Subject: Re: [Dataloss] Data breach notification survey


>I like this idea Edward - but I am going to put on my devil's advocate hat 
>here and push back.
>
> Don't get the wrong idea - I want to proceed with your suggestion but I 
> also want to point out some other things...
>
>
> Todd
>
> ----- Original Message ----- 
> From: "Edward White" <ewhite at avrenter.com>
> To: "TSG" <tglassey at earthlink.net>
> Cc: <dataloss at attrition.org>
> Sent: Thursday, June 12, 2008 10:14 AM
> Subject: RE: [Dataloss] Data breach notification survey
>
>
> Todd and All who would like to make a difference,
> Let's break the problem into its component parts
>
> 1) Personal Data held by companies
>
> TSG: Which is constrained by the different regulatory frameworks.
>
> 2) Personal data out in the open
>
> Let's put all of our ideas together to fix the problem with breaches of
> personal data and craft a letter that will put our ideas into action.
>
> TSG: the key to all of this is that the industry is still reeling from its 
> SOX spankings. Those were the huge costs that it cost to become SOX 
> compliant. The problem is it wasn't SOX that was the culprit - it was the 
> sloppy and uncontrolled methods that people used to use to try and skate 
> around the sides of the requirements. The issue isn't SOX or any other 
> Federal Law other than the Rules of Evidence which are where the rubber 
> meets the road. What people are pushing back against is the costs of 
> meeting the new Digital Evidence Competency costs and my reaction to many 
> of them is that as an Auditor I will not sign off on their externals 
> without this in place.
>
> TSG: As a shareholder my response would be a little different - I may 
> litigate their gross negligence as well unless they come up with a strong 
> Evidence Capture and Anti-spoliation Position and Practice.
>
> I know the right senators office to start with and then will get their
> input for a final letter that I will hand deliver to every Senator's and
> Congressman's office in Washington, DC
>
> It may take 6 months to a year + to get the ideas into Law.  This is our
> Country and the Senate and the Congress work for us.  Let's fix the
> issue.
>
> TSG: The issue is easily fixed through civil litigation under Qui Tam. 
> Trust me - most civil attorneys don't see this one, but if you properly 
> analyze the US Law you will find that Qui Tam under the False Claims Act 
> is huge. For instance ALL of the ENRON Victims probably still have 
> recovery rights against the officers of ENRON itself. Likewise would any 
> of those shareholders of companies who were dinged in the back-dating 
> scandal as well...
>
> There are many smart people in this country and we need to rise to the
> challenge.
>
> Thanks
> Ed
>


