[Dataloss] They Take it Seriously? Oh, Sure

[George Toft]

In UC's defense, they have a very aggressive information protection 
policy - something like 150 pages of policy/procedure designed to 
protect information as required by GLBA (it's been a while since I read 
it, so my page count might be off).

I think they are the exception rather than the rule as they've done more 
than most to protect their data.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
623-203-1760

Confidential data protection experts for the financial industry.


Richard Forno wrote:
> They Take it Seriously? Oh, Sure
> January 9th, 2007 by Dan Gillmor
> 
> (I originally wrote this for PR Week magazine.)
> 
> Several weeks ago, UCLA acknowledged that some of its computers had been
> hacked. Obeying a state law, it notified more than 800,000 people that their
> personal data, including Social Security numbers, might have ended up in the
> wrong hands.
> 
> The fact that the data got loose wasn¹t all that striking. Unfortunately,
> that¹s all too common. What struck me was this statement from a hapless UCLA
> honcho: ³We have a responsibility to safeguard personal information, an
> obligation that we take very seriously.²
> 
> When and where have I heard that before? All kinds of times and places,
> actually. It¹s becoming a mantra that means almost nothing.
> 
> Try this: Plug ³we take² and ³very seriously² into a Google News or Yahoo
> News search. You¹ll get hundreds of hits, albeit some repeats, where some
> big institution - corporate, educational, government, whatever - makes a
> giant blunder and then issues a ³we take (insert the violated policy) very
> seriously² statement.
> 
> < - >
> 
> http://citmedia.org/blog/2007/01/09/they-take-it-seriously-oh-sure/
> 
> 
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 529 incidents over 6 years.
> 
> 
> 
>