Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Strict liability for data breaches?
Mark Rasch, 2006-02-20

A recent case involving a stolen laptop containing 550,000 people's full credit information sheds new night on what "reasonable" protections a company must make to secure its customer data - and what customers need to prove in order to sue for damages.

Comments Mode:
Strict liability for data breaches? 2006-02-21
Adam (1 replies)
Re: Strict liability for data breaches? 2006-02-22
Mark D. Rasch (1 replies)
Re: Re: Strict liability for data breaches? 2006-02-23
Anonymous
Strict liability for data breaches? 2006-02-21
Jim (Sydney, Australia) (1 replies)
Re: Strict liability for data breaches? 2006-02-22
Anonymous
Strict liability for data breaches? 2006-02-21
Anonymous
Strict liability for data breaches? 2006-02-21
Ron Jennings (2 replies)
Re: Strict liability for data breaches? 2006-02-23
Anonymous
Re: Strict liability for data breaches? 2006-02-23
Doug
Strict liability for data breaches? 2006-02-21
Stephen T (1 replies)
Re: Strict liability for data breaches? 2006-02-22
Anonymous (1 replies)
Re: Re: Strict liability for data breaches? 2006-02-26
Stonewall
Strict liability for data breaches? 2006-02-21
Anonymous
Strict liability for data breaches? 2006-02-21
WB
Shameful ruling 2006-02-22
Torquemada
Strict liability for data breaches? 2006-02-22
Frank, Hsv, AL
Strict liability for data breaches? 2006-02-22
Anonymous
About encryption:
If it's encrypted and stored on a laptop, isn't it likely that the decryption mechanism is also on the laptop?

The key and data must be separated for encryption to be useful. Ideally this would be the case, but I see requirements all the time to encrypt data stored in databases, when the password to decrypt it is in a software configuration file on the server.

This is a ridiculous waste of cycles since the server admin has the keys to all the boxes, and a hacker that comprimises a front end server can simply do a database dump using the client on the server.

-Neil

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/387/33168#33168
Strict liability for data breaches? 2006-02-23
Anonymous (2 replies)
Re: Strict liability for data breaches? 2006-02-23
Mark D. Rasch
Re: Strict liability for data breaches? 2006-02-23
Anonymous (1 replies)
Judge Made Law 2006-02-24
Mark D. Rasch (1 replies)
Re: Judge Made Law 2006-03-05
Anonymous (1 replies)
Re: Re: Judge Made Law 2006-03-15
Anonymous
Strict liability for data breaches? 2006-11-09
california







 

Privacy Statement
Copyright 2009, SecurityFocus