[Dataloss] Commentary on data breach laws
Henry Brown
hbrown at knology.net
Sat Jun 14 12:38:43 UTC 2008
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9096538
Opinion: Breach laws fail to protect anyone
By Bart Lazar
The database security laws passed by 39 states cause businesses
substantial expense. Although the goal of these laws is to prevent
identity theft, there is no credible evidence that demonstrates that the
supposed benefit to consumers outweighs the administrative burden and
expense caused to companies. Because the alleged benefits are illusory,
a company's time and resources would be better spent on proactive
efforts to prevent data breaches.
With security breaches at major companies frequently in the news,
legislators feel pressured to pass laws to protect consumers. No
politician wants to be viewed as being soft on identity theft. However,
legislatures have not passed proactive laws that would prevent theft,
but reactive ones that impose substantial burdens on companies.
[...]
Ultimately, the privacy and security interests of our citizens may be
better served if the money spent on reacting to security breaches as
part of a legislated incident response instead was invested on a
proactive basis into security infrastructure and training.
More information about the Dataloss
mailing list