[Dataloss] Commentary on data breach laws

From: Henry Brown (hbrownknology.net)
Date: Sat Jun 14 2008 - 07:38:43 CDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9096538
Opinion: Breach laws fail to protect anyone

By Bart Lazar

The database security laws passed by 39 states cause businesses
substantial expense. Although the goal of these laws is to prevent
identity theft, there is no credible evidence that demonstrates that the
supposed benefit to consumers outweighs the administrative burden and
expense caused to companies. Because the alleged benefits are illusory,
a company's time and resources would be better spent on proactive
efforts to prevent data breaches.

With security breaches at major companies frequently in the news,
legislators feel pressured to pass laws to protect consumers. No
politician wants to be viewed as being soft on identity theft. However,
legislatures have not passed proactive laws that would prevent theft,
but reactive ones that impose substantial burdens on companies.

[...]

Ultimately, the privacy and security interests of our citizens may be
better served if the money spent on reacting to security breaches as
part of a legislated incident response instead was invested on a
proactive basis into security infrastructure and training.

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
