<div style='background-color: none transparent;'></div>

To report, or not to report?

Computerworld is running a story that, “Three more U.S states add laws on data breaches”, but what would be the consequences of this action? Less security breaches? I doubt so. Realistic metrics and reactions whenever an actual breach occurs, as well as its future prevention measures? Now that’s something I think.

Such legislations have a huge impact, both, on the industry, the public opinion, and company itself. No one likes admitting getting hacked, or having sensitive information exposed to unknown and obviously malicious party. Yet, if it wasn't companies reporting these breaches, thousands of people would have been secretly exposed to possible identity theft, and we’ll be still living with the idea that the Megacorporations are responsibly handling our information. Which they obviously aren’t! And even if they try to hide it, sooner or later a victim will starting digging in, and the story ends up in mainstream news. Privacyrights.org have taken the time and effort to compile a "A Chronology of Data Breaches Reported Since the ChoicePoint Incident", and as you can see, it's not getting any better, though, reporting and legislations have the potential to change a lot.

At the bottom line, I am a firm believer that, reporting breaches greatly improves the accuracy of security metrics, and hopefully the solutions themselves. Security through obscurity is simply out of question when it comes to storing unencrypted databases online, or even distributing them offline, though, it’s still obviously very popular today.

What do you think? Are the long-term negative PR effects worth the uninterrupted business continuity as a whole? Are you comfortable with not knowing how exactly is any of the organizations possessing sensitive info on you, is taking care to secure it? I'm not!

As well as various other comments on the topic :

Information Security Breaches and the Threat to Consumers
Security Breaches : Notification, Treatment, and Prevention
Recommended Practices on Notification of Security Breach Involving Personal Information
What Does a Computer Security Breach Really Cost?

Technorati tags :
Share this article :
Copyright © 2011. Dancho Danchev's Blog - Mind Streams of Information Security Knowledge . All Rights Reserved
Company Info | Contact Us | Privacy policy | Term of use | Widget | Advertise with Us | Site map
Template Modify by Creating Website. Inpire by Darkmatter Rockettheme Proudly powered by Blogger