[Dataloss] Data breach notification survey

Edward White ewhite at avrenter.com
Thu Jun 12 16:15:30 UTC 2008


Here is a novel idea:

1) Companies should not be able to buy and sell personal information.

2) Companies, mainly retailers, should not be able to keep information
swiped via a credit card or any other card past the time of payment.

3) If companies are required to keep any personal data for any reason
and for any amount of time, they should be required to protect the data
with encryption.

If the companies violate any of these points, the CEO, CFO and CIO should
have to go to jail for 90 days.  There should be a time period of 6
months to complete the protection.  After the first set of executives
goes to jail for 90 days, most of the companies will be compliant very
quickly.  If you do not have the data, you cannot lose it; if you
protect the data, it can't be used.  This should knock out most of the
problems and, guess what, the companies will not have the liability issue
:) 

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of Henry Brown
Sent: Thursday, June 12, 2008 12:04 PM
To: dataloss at attrition.org
Subject: [Dataloss] Data breach notification survey

From clearswift.com press release
http://www.clearswift.com/news/item.aspx?ID=1465

[...]
Results highlights:

78% of IT decision-makers don't believe the general public should be
informed if a data breach occurs;
54% of U.S. IT decision-makers are unaware of data breach disclosure
laws;
53% are in favor of legislation that would force companies to publicly
declare a data breach if it occurred; 38% are in favour of legislation
that would make negligent loss of personal information a criminal
offence;
19% of companies have suffered a data loss in the last 12-18 months; 50%
more than once;
38% of IT managers have seen their annual IT spend increase by as much
as 10% since data breach notification legislation was introduced.

[...]

While respondents felt the general public did not need to know (78%),
they did indicate that affected customers and partners should be
informed (95%), while less than half of them felt that industry
regulators (42%) or even the police (35%) should be notified.

[...]

All the above figures, unless otherwise stated, are from Clearswift.
Total sample size was 3,340 US IT decision makers. Fieldwork was
undertaken between March 10 and April 10, 2008. The survey was completed
online.

[...]
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor
your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3181 (20080612) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com