<html>
<body>
<font size=3>Perhaps we need to be taking a larger look here as well;
it's high time the US enact Draconian privacy laws, much like the EU has,
to protect ourselves from the top down. Many of these "unknown"
companies who have access to our most private information need to be shut
down, or curtailed severely as well. The remainder need to be managed in
a "Secret" to "Top Secret" security atmosphere,
including logs of each and every access and for what reason and
accountability to the people whose data they hold. I believe much evil
would then be either curtailed or exposed. <br>
Much like the illegal alien problem here in the US, too many people are
making too much money from violating the laws, and what should be a
foregone assumption (privacy) needs to be codified.<br><br>
<br><br>
<blockquote type=cite class=cite cite="">We see few compliance or
regulatory sanctions, little in the way of<br>
public flogging (the VA laptop loss being a notable exception), and
an<br>
occasional slap on the wrist (e.g., MA Dept of State's whopping $25k<br>
fine against Ameriprise Financial for losing a laptop with data
about<br>
230,000 customers and financial advisers).<br><br>
You're right, these losses are weekly if not daily news items.
They're<br>
so commonplace, however, that I'd propose we're (collectively)
becoming<br>
desensitized: we're tuning out the ongoing "noise".
<br><br>
I think it's clear we need a landmark tracking / longitudinal study
of<br>
these breaches, their affected individuals, and ideally, the<br>
organizations in question, to assess whether there is a real crisis.<br>
There may not be, as much as we think there is or might be.<br><br>
--<br>
Sean Steele, CISSP<br>
infoLock Technologies<br>
703.310.6478 direct<br>
202.270.8672 mobile<br>
ssteele@infolocktech.com</blockquote></font></body>
</html>