Writing on recent citi disclosures about loss of 3.9 million personal data Bruce Schneier says,it an illusion to think that there has been an epidemic of personal-data losses. What we're seeing are the effects of laws that requires companies to disclose losses of thefts of personal data. It's always been happening, only now companies have to go public with it. The California law is good for three reasons. One, data on actual intrusions is useful for research. Two, alerting individuals whose data is lost or stolen is a good idea. And three, increased public scrutiny leads companies to spend more effort protecting personal data.
My Take: I agree with Bruce that this is like public shaming & business shall be more responsible and try to spend money to avoid the PR cost of public shaming. Hence, security improves. This should not raise the bar of insensitivity/apathy in public through attenuation effects. with more public shaming, it shoudl not be seen to be a routine affair that could get ignored and when there's less public shaming, the amount of money companies are willing to spend to avoid it goes down.Most data losses don't result in identity theft. But that doesn't mean that it's not a problem
|
