From the FTC: The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to…
Category: Commentaries and Analyses
Pointer: Visa Suspends Heartland: A Little Revisionist History?
Over on StorefrontBacktalk, Evan Schuman has some sharp and thought-provoking commentary on Visa’s suspension of Heartland’s and RBS’s approved status and assertions that “no compromised entity has been found to be [PCI] compliant at the time of the breach.”
Pointer: State Laws Require Secure Personal Data
Nick Akerman and Melissa J. Krasnow have an article in The National Law Journal: Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores…
More on whether breach notification laws work
George Hulme of Information Week also responded to Kim Zetter’s article in Threat Level about a recent seminar on whether data breach notification laws are working. He raises some points about the value of such laws and, similar to what I said here yesterday, notes “Helping consumers avoid identity theft and fraudulent transactions is only…
Experts Debate the Value of Breach Notification Laws
Kim Zetter of Threat Level discusses the different views expressed at a seminar last week on whether data breach notification laws do any good. As expected, the upshot was “we don’t know” because there are not enough data, surveys may not be reliable indicators, etc. Of course, there is another way to frame the issue…
Absolute and Ponemon Institute Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies
From the press release: Absolute(R) Software Corporation and the Ponemon Institute today announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, “The Human Factor in Laptop Encryption: US Study,” revealed that more than half (56%) of business (non-IT) managers polled, disable…