Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Breach-notification laws not working?
Robert Lemos, SecurityFocus 2008-06-25

The breach-notification laws passed by many states have failed, so far, to produce a measurable impact on identity theft, according to a group of academic researchers that will present their findings on Thursday at the Workshop on the Economics of Information Security (WEIS).

Comments Mode:
Breach-notification laws not working? 2008-06-26
Anonymous
That would be because the companies are not necessarily being entirely truthful. They will find any way to get around having to report. Even if it involves lying. I have witnessed it first hand.

When they try, they tend to do it rather half-assed. You know, what's best for the company, not th...

[ more ]  [ reply ]
Breach-notification laws not working? 2008-06-27
Anonymous (2 replies)
Data Breach disclosure laws are kinda like safety labels/warnings. They are to increase awareness. Ignore the warnings at your peril.

They aren't meant to prevent data breaches, except by forcing companies to admit they messed up, and punish them if they don't. If they didn't exist, how many com...

[ more ]  [ reply ]
Re: Breach-notification laws not working? 2008-06-30
Anonymous
News item this weekend was Montgomery-Ward did not notify consumers who were exposed by a breach, despite data breach notification laws.

Businesses are ignoring the laws, ergo they aren't working?

...

[ more ]  [ reply ]
Re: Breach-notification laws not working? 2008-06-30
Anonymous
Well, they do exist.

How many companies are being forthright about it?

Only the ones that get caught......

[ more ]  [ reply ]
NOT SHOWN - Breach-notification laws not working? 2008-06-27
Anonymous
Apparently the study did not investigate whether consumers who were exposed to a breach suffered reduced harm.

That is the real motivation for breach notification legislation, not reducing breach occurance.

The researchers missed the entire point! So much for their insight......

[ more ]  [ reply ]
Missed the point - Breach-notification laws not working? 2008-06-30
Anonymous
The study missed the point. Breach notification laws are not intended to reduce the occurrence of breaches or identity theft, they are intended to ensure that the consumers who are exposed as a result know that they are victims.

Were consumers (and financial services providers) able to take coun...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus