Comments: Liability for breaches: do we need new laws?

we had been brought in to help wordsmith the cal. state electronic signature legislation (and later the federal legislation) ... some past posts
http://www.garlic.com/~lynn/subpubkey.html#signature

many of the parties involved were also active in the breach notification as well as the opt in/out legislative activity ... basically stuff swirling around "privacy". Some of the players had done detailed consumer surveys and found that for the most part, the privacy issue was

1) identity theft ... at the time mostly account fraud ... i.e. skimming/harvesting account numbers and performing fraudulent transactions

2) denial of service ... aka gov., commercial, private, public, etc. institutions using personal information to the detriment of the individual.

much of the account fraud was coming from breaches of various kinds ... and this information wasn't being publicized ... and so the actual source of the problem wasn't being addressed ... which led to the requirement for breach notification legislation.

we didn't actually participate directly in any of the legislative activity with respect to these other efforts ... other than pointing out that the x9.59 financial standards work
http://www.garlic.com/~lynn/x959.html#x959

had eliminated breaches as an account fraud threat/vulnerability. somewhat related post over in digital money blog
http://www.garlic.com/~lynn/aadsm28.htm#49 Price point

however, later we were co-author of the x9.99 financial privacy standard ... and had to spend some amount of time looking at GLBA (with respect to opt-out notification requirement), HIPAA, EU-DPD, OECD, etc ... reference here to work on merged taxonomy and glossaries ... including one for privacy in support of the x9.99 work
http://www.garlic.com/~lynn/index.html#glosnotes

these days GLBA is getting a lot more press ... not for its opt-out/privacy ... but for its repeal of Glass-Steagall.

Posted by Lynn Wheeler at March 24, 2008 12:35 PM

re:
http://www.garlic.com/~lynn/aadsm28.htm#50 Liability for breaches: do we need new laws?

a little x-over
http://www.garlic.com/~lynn/2008f.html#88 Has Banking Industry Overlooked Its Biggest Breach Ever?

...

Has Banking Industry Overlooked Its Biggest Breach Ever?
http://www.darkreading.com/document.asp?doc_id=149052

from above:

Way back in July, law enforcement agencies issued a press release stating that they had indicted a former employee at Compass Bank for stealing information from the company. It now appears that the theft might be the biggest breach in banking history.

According to the privacy site PogoWasRight.org, new details about the case against former Compass employee James Kevin Real indicate that approximately 1 million customers' personal information may have been exposed in the incident.

... snip ...

Posted by Lynn Wheeler at March 25, 2008 08:00 AM

recent book reference:

You won't guess who's the bad guy of ID theft
http://news.yahoo.com/s/usatoday/20080414/tc_usatoday/youwontguesswhosthebadguyofidtheft
You won't guess who's the bad guy of ID theft
http://www.usatoday.com/money/books/reviews/2008-04-13-zero-day-threat_N.htm

and comment
http://www.garlic.com/~lynn/2008h.html#4 You won't guess who's the bad guy of ID theft

Posted by Lynn Wheeler at April 14, 2008 07:32 AM