Nick Akerman and Melissa J. Krasnow have an article in The National Law Journal: Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores…
Category: Commentaries and Analyses
More on whether breach notification laws work
George Hulme of Information Week also responded to Kim Zettner’s article in Threat Level about a recent seminar on whether data breach notification laws are working. He raises some points about the value of such laws and similar to what I said here yesterday, notes “Helping consumers avoid identity theft and fraudulent transactions is only…
Experts Debate the Value of Breach Notification Laws
Kim Zettner of Threat Level discusses the different views expressed at a seminar last week on whether data breach notification laws do any good. As expected, the upshot was “we don’t know” because there are not enough data, surveys may not be reliable indicators, etc. Of course, there is another way to frame the issue…
Absolute and Ponemon Institute Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies
From the press release: Absolute(R) Software Corporation and the Ponemon Institute today announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, “The Human Factor in Laptop Encryption: US Study,” revealed that more than half (56%) of business (non-IT) managers polled, disable…
The World Bank’s Data Breach, And Its Sorry Follow-Up
Bob Evans reports: The World Bank (annual IT budget about $250 million) has been hit by a range of data breaches, at least one of which involved info belonging to staffers. So a corporate guy overseeing IT has sent a flaccid memo to the whole organization. Take a look at the memo and ask yourself…
Breach analyses
Edward D. Murphy has an article about the recent Maine breach study in the Portland Press Herald, here. And over on Chronicles of Dissent, I analyze and comment on some of ITRC’s 2008 statistics and year-end roundup here and here.