[Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents
Adam Shostack
adam at homeport.org
Thu Jun 5 15:01:57 UTC 2008
There's also no evidence that the laws reduce baggy pants. But that
was't their intent either. Their intent was to reduce the *impact* of
id theft.
Adam
On Thu, Jun 05, 2008 at 05:20:00AM +0000, Paul Ferguson wrote:
| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| If anyone finds a link to the CMU report, please forward it to
| the list.
|
| Via ComputerWorld.
|
| [snip]
|
| Over the past five years, 43 U.S. states have adopted data breach
| notification laws, but has all of this legislation actually cut down on
| identity theft? Not according to researchers at Carnegie Mellon University
| who have published a state-by-state analysis of data supplied by the U.S.
| Federal Trade Commission (FTC).
|
| "There doesn't seem to be any evidence that the laws actually reduce
| identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon
| who is one of the paper's authors.
|
| Romanosky's team took a state-by-state look at FTC identity theft
| complaints filed between 2002 and 2006 to see whether there was a
| noticeable impact on complaints in states that had adopted data breach
| notification laws such as California's SB 1386, which compels companies and
| institutions to notify state residents when their personal information has
| been lost or stolen. Their paper is set to be presented at a conference on
| Information Security Economics held at Dartmouth College later this month.
|
| [snip]
|
| More:
| http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
| icleId=9093659
|
| - - ferg
|
| -----BEGIN PGP SIGNATURE-----
| Version: PGP Desktop 9.6.3 (Build 3017)
|
| wj8DBQFIR3d8q1pz9mNUZTMRAtjSAKCiepk/4oEETO5heMLRAPZx+8E2gwCfVenZ
| tzWLNWN3geNZwCkMsfKebes=
| =RgQy
| -----END PGP SIGNATURE-----
|
|
| --
| "Fergie", a.k.a. Paul Ferguson
| Engineering Architecture for the Internet
| fergdawg(at)netzero.net
| ferg's tech blog: http://fergdawg.blogspot.com/
|
| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
|
| Tenable Network Security offers data leakage and compliance monitoring
| solutions for large and small networks. Scan your network and monitor your
| traffic to find the data needing protection before it leaks out!
| http://www.tenablesecurity.com/products/compliance.shtml
More information about the Dataloss
mailing list