Re: [Dataloss] [vanderaj greebo.net: SF new column announcement: Strict liability for data breaches?]
From: Mike Fratto (mfratto gmail.com)
Date: Tue Feb 21 2006 - 10:30:02 CST
On 2/20/06, Adam Shostack <adam homeport.org> wrote:
> Interesting article. I wonder how many laptops need to be stolen for
> it to be foreseeable.
That's not the issue. The issue is did the company take due care?
Since the regulations like GLBA, HIPAA, SOX 404, and others are so
incredibly vague, the courts look to other things like "best
practices". One way of defining that is "are they doing what their
peers are doing to protect data." The idea being the collective has a
better idea of a best practice than an individual. Stupid, I know, but
that is the way it is. The courts need to go somewhere for guidance.
I really think the regulations are written in a vacuum. Ever read the
technical requirements for HIPAA? I doubt that they had any IT input.
I could think of a dozen ways that I would have reworded each passage
so that it was more specific on the required functions while still
being flexible enough for future use. But that's just me.
_______________________________________________
Dataloss mailing list
Dataloss attrition.org
https://attrition.org/mailman/listinfo/dataloss