[Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents
Henry Brown
hbrown at knology.net
Thu Jun 5 11:49:44 UTC 2008
A link to the paper by Sasha Romanosky and others
http://weis2008.econinfosec.org/papers/Romanosky.pdf
Another "article" on the 20 page paper..
http://news.idg.no/cw/art.cfm?id=56E28F72-17A4-0F78-3155C53BCC1D1B0D
Researchers say notification laws not lowering ID theft
[...]
Because reports to the FTC are incomplete, it's hard to draw conclusions
from the data, said Gartner analyst Avivah Litan. But she noted that
while breach laws have made lost laptops front-page news, many companies
have responded to tighter laws and regulations by focusing more on
compliance than on security.
Often, that's not good enough to protect customers from ID theft, she
said. "If you just meet the letter of the law you may pass an audit, but
you have to pass the spirit of the law."
Romanosky admits that there may be problems in the methodology used by
his team. And while he noted that the data -- compiled from
self-reported complaints -- may not be perfect, the FTC database is the
only source of this type of information.
[...]
-------- Original Message --------
Subject: [Dataloss] Researchers Say Notification Laws Are Not Lowering
ID Theft Incidents
From: Paul Ferguson <fergdawg at netzero.net>
To: dataloss at attrition.org
Date: 6/5/2008 12:20 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If anyone finds a link to the CMU report, please forward it to
> the list.
>
> Via ComputerWorld.
More information about the Dataloss
mailing list