From: Chris Walsh (chris cwalsh.org)
Date: Thu Jan 15 2009 - 13:30:06 CST
"as a nonprofit we would only include breaches
with potential risk to SSNs, financial accounts, medical records and
that the information had to be usable by a thief so that a breach that
only exposed part of a credit card number would not be enough for a
thief to use."
Huh?
It seems clear that breaches not reported nonetheless represent a risk, or else
a) we could eliminate risk by banning reporting of them, and
b) SB1386 and its kindred laws increased ID theft risk
Just how much incremental risk one faces by having one's PII exposed is one
of the most vexing questions in this area, and it is one for which I have
yet to see a satisfactory answer, but I am certain that publication is but a
part of the picture.
Chris
_______________________________________________
Dataloss Mailing List (dataloss datalossdb.org)