[Dataloss] CTS: Thief Steals Tax Records

James Childers james at iqbio.net
Sun Feb 4 17:14:04 EST 2007


Point taken... of course we are just talking about the "norms".  There
are exceptions to every rule.

James Childers

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of lyger
Sent: Sunday, February 04, 2007 2:09 PM
To: dataloss at attrition.org
Subject: Re: [Dataloss] CTS: Thief Steals Tax Records


Since I almost never get to jump into these discussions, please allow me
to retort.

I find a couple of the comments below to be somewhat stereotypical.  "IT
guys" are generally considered to be "geeks" and nothing more, even if
they have years of experience in fields that have to deal with regulatory
compliance issues on a daily basis.  Some "IT guys" are absolutely capable
of making business decisions, especially when the decision in question
concerns protecting their company from bad choices made by the "business
leaders" who fail to understand the basics of risk assessment and risk
management, specifically those that deal with the loss of client,
customer, or employee information.

While it may be true that "a large percentage of IT guys" aren't as versed
in regulatory compliance as their "business leader" counterparts, the same
can be said for the "business leaders" who aren't concerned with the
impact a data breach can have on their company and fail to enable their
"IT guys" to provide valuable input into the decision-making process.

Just my opinion.

Lyger 


On Sun, 4 Feb 2007, James Childers wrote:

": " An absolute recipe for disaster is when you let the I.T. "guys" make
": " business decisions.
": "
": " Thanks for the info.
": "
": " James Childers
": " http://www.iqbio.com
": " http://www.clipbio.com
": "
": " -----Original Message-----
": " From: George Toft [mailto:george at myitaz.com]
": " Sent: Sunday, February 04, 2007 1:45 PM
": " To: James Childers
": " Cc: blitz; dataloss at attrition.org
": " Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
": "
": " The FTC clearly calls out tax preparers as being required to comply with
": " GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd
": " paragraph).  However, in September, 2006, CPA's were able to become
": " exempt from the privacy rule of GLBA
": " (http://www.icpas.org/icpas/ei/gbarticle.asp).  They are still required
": " to comply with the Security Rule, which nobody seems to know about.
": "
": " CPA's by nature are very tight-fisted with their money, and they see
": " this as yet another expense that has no benefit.  "If it's not broke,
": " why should I fix it?"
": "
": " This list's members are very proactive and forward-thinking.  Securing
": " information is obvious to us, but eludes others, so they delegate the
": " task to "the IT guy" and it's his problem because "he understands that
": " stuff."  Problem is, a large percentage of IT Guys I've spoken with are
": " clueless about regulatory compliance and the finer art of information
": " security.
": " 
": " George Toft, CISSP, MSIS
": " My IT Department
": " www.myITaz.com
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 562 incidents over
7 years.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




