[Dataloss] Breach notification laws: When should companies tell all?
lyger
lyger at attrition.org
Fri Mar 3 11:13:08 EST 2006
http://computerworld.com/securitytopics/security/story/0,10801,109161,00.html
MARCH 02, 2006 (COMPUTERWORLD) - While there appears to be growing
industry consensus that security breach notification laws have forced
companies to take more responsibility for the data they own, there is
little agreement on exactly when companies should be required to notify
consumers when a data breach occurs.
Ranged on one side of the debate are those who want alerts for any breach
involving the potential exposure of sensitive data. On the other side are
those who say that a higher disclosure threshold is needed to avoid
overnotification and needless costs.
"We clearly have a responsibility to safeguard customer information," said
Kirk Herath, chief privacy officer and associate general counsel at
Nationwide Mutual Insurance Co. in Columbus, Ohio. "If we lose
information, it's our responsibility to inform consumers because that's
the only way they can protect themselves."
However, many existing state laws have "hair-triggers" when it comes to
disclosure requirements, he said. "I really think the standard for
disclosure should be a clear risk of danger or harm to the consumer."
[...]