I’m no longer surprised when we first learn about breaches that happened years ago. Case in point: a 2006 breach in Canada is now in the media after the Canadian Press uncovered it in an Access to Information request: The confidential tax files of almost 2,700 Canadians are missing after a Canada Revenue Agency worker…
UK: What’s gone wrong at #ICO?
Stewart Room writes: If you’ve been keeping a close eye on developments at the Information Commissioner’s Office, then you will have detected a very clear trend when it comes to regulatory enforcement action. Basically, ICO has abandoned the monetary penalty and other statutory enforcement mechanisms, for “undertakings”. Read more on Stewart Room. I’m glad for…
Study finds many turn to lawsuits following a data breach
Dan Kaplan reports: More than half of American consumers would sue a company that loses its personal information, according to a survey released Wednesday by IT firm Unisys. The twice-a-year Unisys Security Index, which polled 1,000 Americans on information security concerns, found that 53 percent would take legal action in the event of a data…
What does the Unisys Security Index really tell us about consumer responses to a data breach?
I’m going to post a press release from Unisys with a warning: never confuse what consumers say they will do with what they actually do. I’ll meet you on the other side of the release: Americans will go to great lengths to avoid identity theft, and many say they would take legal action against government…
Only 56 breach notifications in a year suggests “voluntary” doesn’t work well
Voluntary breach reporting doesn’t seem to be working too well in Australia. Michael Lee of ZDNet in Australia, reporting on a new annual report by the Office of the Australian Information Commissioner, notes: The OAIC also received, separately, 56 voluntary data breach notifications, representing a 21 per cent increase from the previous financial year. Somehow…
Would a federal data breach law really be too costly for the private sector?
Are you curious about the cost of a data breach notification law? Here’s the analysis of S. 1151, the Personal Data Privacy and Security Act of 2011, proposed by Senator Leahy. It appears that the biggest added cost to the private sector would be on improving security and not from breach notification since 46 states already…