NY (USA) has enacted a security breach disclosure law...

I hope the other states (and countries) follow...

http://www.theregister.co.uk/2005/08...es_disclosure/

Imhotep wrote:
> I hope the other states (and countries) follow...
>
> http://www.theregister.co.uk/2005/08...es_disclosure/

Yes, clearly that's one law whose time has come. It's a shame though
that it takes a law to inspire an entity to fess up that confidential
customer data has been stolen. You'd think that would be just the right
thing to do.

optikl wrote:

> Imhotep wrote:
>> I hope the other states (and countries) follow...
>>
>> http://www.theregister.co.uk/2005/08...es_disclosure/
>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.

Corporate America has taken a really ugly path. You are right though. It is
a shame that a law had to be put in place for something that should be
obvious...

Im

"optikl" <optikl@invalid.net> wrote in message
news:b_KdnemEX5WQ6mPfRVn-3A@comcast.com...
> Imhotep wrote:
> > I hope the other states (and countries) follow...
> >
> > http://www.theregister.co.uk/2005/08...es_disclosure/
>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.

OK, so you go to open a bank account.. do you choose the company that got
hacked last week, or someone else?

Guess that explains the reluctance to come clean ;o)

Wonder how the law will ever get enforced..? Disgruntled employee is my
guess.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

"Hairy One Kenobi" <abuse@[127.0.0.1]> writes:


>"optikl" <optikl@invalid.net> wrote in message
>news:b_KdnemEX5WQ6mPfRVn-3A@comcast.com...
>> Imhotep wrote:
>> > I hope the other states (and countries) follow...
>> >
>> > http://www.theregister.co.uk/2005/08...es_disclosure/
>>
>> Yes, clearly that's one law whose time has come. It's a shame though
>> that it takes a law to inspire an entity to fess up that confidential
>> customer data has been stolen. You'd think that would be just the right
>> thing to do.

>OK, so you go to open a bank account.. do you choose the company that got
>hacked last week, or someone else?

Of course it may not be in their interest to do so. So law suits and laws
change the equation of what their interests are.


>Guess that explains the reluctance to come clean ;o)

>Wonder how the law will ever get enforced..? Disgruntled employee is my
>guess.

These things tend to leak out. And then not only do they have bad PR but
criminal legal action as well, which could find the CEO actually spending
time in jail.

"Unruh" <unruh-spam@physics.ubc.ca> wrote in message
news:ddo0er$7im$2@nntp.itservices.ubc.ca...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> writes:
>
>
> >"optikl" <optikl@invalid.net> wrote in message
> >news:b_KdnemEX5WQ6mPfRVn-3A@comcast.com...
> >> Imhotep wrote:
> >> > I hope the other states (and countries) follow...
> >> >
> >> >
http://www.theregister.co.uk/2005/08...es_disclosure/
> >>
> >> Yes, clearly that's one law whose time has come. It's a shame though
> >> that it takes a law to inspire an entity to fess up that confidential
> >> customer data has been stolen. You'd think that would be just the right
> >> thing to do.
>
> >OK, so you go to open a bank account.. do you choose the company that got
> >hacked last week, or someone else?
>
> Of course it may not be in their interest to do so. So law suits and laws
> change the equation of what their interests are.
>
> >Guess that explains the reluctance to come clean ;o)
>
> >Wonder how the law will ever get enforced..? Disgruntled employee is my
> >guess.
>
> These things tend to leak out. And then not only do they have bad PR but
> criminal legal action as well, which could find the CEO actually spending
> time in jail.

Cite? Feel free to exclude or include disgruntled employees... ;o)

H1K

PS. As goes leaks, a large Scottish bank that I have worked with employs
125k+ people, and managed to move their entire operations from London to
erm.. somewhere in Scotland over a weekend. Terabytes of data, and the first
time that I've seen a multi-gigabit national WAN in operation.

How many people noticed? Two. And one of those got his legs slapped for it
(he was an employee at the time); the other was a customer with traceroute
and far, far too much time on his hands :o)

Note that I am excluding hoteliers and taxi drivers.. they *must* have known
that something was up.

Hairy One Kenobi wrote:
> "optikl" <optikl@invalid.net> wrote in message
> news:b_KdnemEX5WQ6mPfRVn-3A@comcast.com...
>
>>Imhotep wrote:
>>
>>>I hope the other states (and countries) follow...
>>>
>>>http://www.theregister.co.uk/2005/08...es_disclosure/
>>
>>Yes, clearly that's one law whose time has come. It's a shame though
>>that it takes a law to inspire an entity to fess up that confidential
>>customer data has been stolen. You'd think that would be just the right
>>thing to do.
>
>
> OK, so you go to open a bank account.. do you choose the company that got
> hacked last week, or someone else?
>
> Guess that explains the reluctance to come clean ;o)
>
Yeah, well I guess that's why some define ethical behavior as doing the
right thing even when no one else is watching. If you entrust something
to me and something happens to it, you are entitled to know the truth.

"optikl" <optikl@invalid.net> wrote in message
news:uaKdnR5m-InJFWLfRVn-og@comcast.com...
> Hairy One Kenobi wrote:
> > "optikl" <optikl@invalid.net> wrote in message
> > news:b_KdnemEX5WQ6mPfRVn-3A@comcast.com...
> >
> >>Imhotep wrote:
> >>
> >>>I hope the other states (and countries) follow...
> >>>
>
>>>http://www.theregister.co.uk/2005/08...es_disclosure/
> >>
> >>Yes, clearly that's one law whose time has come. It's a shame though
> >>that it takes a law to inspire an entity to fess up that confidential
> >>customer data has been stolen. You'd think that would be just the right
> >>thing to do.
> >
> >
> > OK, so you go to open a bank account.. do you choose the company that
got
> > hacked last week, or someone else?
> >
> > Guess that explains the reluctance to come clean ;o)
> >
> Yeah, well I guess that's why some define ethical behavior as doing the
> right thing even when no one else is watching. If you entrust something
> to me and something happens to it, you are entitled to know the truth.

Granted. I operate under the same policy (one of the reasons why I tend to
have a fairly tight relationship with my customers)

But I still bet you wouldn't put your own money in the hacked bank.

H1K

optikl wrote:
> Imhotep wrote:
>
>> I hope the other states (and countries) follow...
>>
>> http://www.theregister.co.uk/2005/08...es_disclosure/
>
>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.
One of my issues is folks exposing information due to an insecure web
configuration, exposing data, and no clue they are doing it. If done
properly on the right site, you can't tell by the system logs the data
was even exposed, it looks like a normal session. Laws are such you
can't even tell them their data is showing as you will be accused of
hacking their site.

Are they required to tell when they can't tell a breech has actually
taken place? As I read it no, so many companies may still play ignorant.

Winged