[Dataloss] A data security breach legislation question

Craig Muller Craig.Muller at demoxi.com
Wed Mar 12 15:25:37 UTC 2008


Hi Rob,
 
I believe companies are offering credit monitoring because they are concerned with lawsuits and public perception. Little do they know that credit monitoring is a costly and less effective solution than one of the free alternatives, fraud alerts. It's unfortunate that promotion of credit monitoring gives the false impression that consumers are protected from identity theft if they pay for credit monitoring. I would much rather get a phone call when someone is attempting to access my credit report (fraud alerts) than to be notified electronically after it has been accessed. Plus the fraud alert is free.
 
Regards,
Craig
 
Craig Muller
VP Identity Services
714.417.9984
craig at freeidentityprotect.com
www.freeidentityprotect.com
 
 
 
----- Original Message ----- 
From: "Rob Shavell" <slvrspoon at gmail.com>
To: <dataloss at attrition.org>
Sent: Wednesday, March 12, 2008 7:30 AM
Subject: Re: [Dataloss] A data security breach legislation question
 
> hi all,
> the question i have around US data breach notification legislation is this:
> 
> "why are we counting states?"
> 
> if most legislation applies to affected record-holders if they are
> residents and 95% of breaches already either happen in a state with a
> law or include records of persons residing in such states, then...
> hasn't this basically become a necessity?
> 
> in other words, organizations had better just notify to be in compliance.
> 
> following from this: what is the importance to an organization of
> reading through particulars of state by state legislation when they
> can just follow California, notify everyone, and be in compliance?
> 
> bonus question: in your opinion, why are so many companies choosing to
> include credit monitoring services for those affected?  a) altruism b)
> just not that costly c) concern about downstream law-suits d) ?
> 
> rgds,
> rob
> 
> 
> 
> 
> On 10/03/2008, Susan Orr <susan at susanorrconsulting.com> wrote:
>> I was just looking at the various states the other day, and there are
>>  some differences - some exempt encrypted information, some exclude
>>  financial institutions and others that are covered under other existing
>>  federal and state laws like GLBA.  One state I believe exempts "state
>>  agencies" Oklahoma I think.
>>
>>  Didn't know it was up to 40, last I saw was 38.  I'll have to check it
>>  out, thanks.
>>
>>
>>  Rebecca Herold wrote:
>>  > Counting the District of Columbia, as of the end of October it was 40; see
>>  > http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
>>  >
>>  > Best regards,
>>  >
>>  > Rebecca Herold
>>  > ----- Original Message -----


