"Information Security and Data Breach Notification Safeguards," updated Apr - TechRepublic
General discussion
April 22, 2008 at 03:59 PM
danlm

“Information Security and Data Breach Notification Safeguards,” updated Apr

by danlm . Updated 18 years, 2 months ago

http://www.fas.org/sgp/crs/secrecy/RL34120.pdf

This is a report to congress that is both scary and confusing on the extent of data breach’s that have occurred and the mess of laws that cover data breach’s.

The scary part:
[i]From February 2005 to December 2006, 100 million personal records were
reportedly lost or exposed.5 The Privacy Rights Clearinghouse chronicles and reports
that over 223 million data records of U.S. residents have been exposed due to
security breaches since January 2005.6 In 2006 the personal data of 26.5 million
veterans was breached when a VA employee?s hard drive was stolen from his home.
In 2007 the retailer TJX Companies revealed that 46.2 million credit and debit cards
may have been compromised during the breach of its computer network by
unauthorized individuals.7 In 2008 the Hannaford supermarket chain revealed that
approximately 4 million debit and credit card numbers were compromised when
Hannaford?s computer systems were illegally accessed while the cards were being
authorized for purchase. There were 1800 reported cases of fraud connected to the
computer intrusion.
Data breaches involving sensitive personal information may result in identity
theft and financial crimes (e.g., credit card fraud, phone or utilities fraud, bank fraud,
mortgage fraud, employment-related fraud, government documents or benefits fraud,
loan fraud, and health-care fraud). Identity theft involves the misuse of any
identifying information, which could include name, SSN, account number, password,
or other information linked to an individual, to commit a violation of federal or state
law.8 According to the Federal Trade Commission, identity theft is the most common
complaint from consumers in all 50 states, and accounts for over 35% of the total
number of complaints the Identity Theft Data Clearinghouse received for calendar
years 2004, 2005, and 2006. In calendar year 2006, of the 674,354 complaints
received, 246,035 or 36% were identity theft complaints.[/i]

The confusing part.. All the flippen laws(local, state, and federal) that deal with these data breach’s and the required reporting/notification of. What bothers me about all these laws is this:

[i]Some critics say that current laws focus too closely on industry-specific uses of
information, like credit reports or medical data, rather than on protecting the privacy
of individuals.17 Others believe the sectoral approach to the protection of personal
information reflects not only variations in the types of information collected (e.g.,
government, private sector, health, financial, etc.), but also differences in the
regulatory framework for particular sectors. Others advocate a national standard for
entities that maintain personal information in order to harmonize legal obligations.18[/i]

In other words, after you read through the mess of various laws(local, state, federal) there is no standard. And then, nobody can agree on a standard to be followed.

Ya know, I would like to put forward some type of position on this… But as detailed as this report is… As even handed it is in its presentation… All it does is scare the living crap out of me and confuses the yuk out of me.

So, I’ll just pass on the information and let you make your own mind.

Dan

This discussion is locked

All Comments