Regular readers know how I hate it when companies are not sufficiently transparent about breaches, – where “sufficiently” is defined by MY standards and not just what the law may require. So when Epsilon didn’t provide a list of affected clients, this blog compiled our own list with the help of readers and affected consumers.
And so I’ve started tracking the recent Advanced Data Processing breach. If you trot on over to PHIprivacy.net, you can see what information I’ve compiled already – and hopefully, you’ll add to it as you encounter media reports or other details.
One day, one day, maybe we’ll get fuller disclosure mandated nationally. Until then, we’ve got ourselves and our own determination to uncover details.
Please make your suggestions or additions to the PHIprivacy.net blog entry – not this one. Thanks!
Great Point! Companies are not effectively informing their customers of breaches. Consumers need to be aware when their information is disclosed by companies or the government. When breach information is ambiguous consumers who may be impacted or and consumers of said information should push for full disclosure. We as information assurance professionals need to be ethical in our reporting.