NY (USA) has enacted a security breach disclosure law...

Discussion in 'Computer Security' started by Imhotep, Aug 13, 2005.

  1. Imhotep

    Imhotep Guest

    Imhotep, Aug 13, 2005
    #1
    1. Advertising

  2. Imhotep

    optikl Guest

    Imhotep wrote:
    > I hope the other states (and countries) follow...
    >
    > http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/


    Yes, clearly that's one law whose time has come. It's a shame though
    that it takes a law to inspire an entity to fess up that confidential
    customer data has been stolen. You'd think that would be just the right
    thing to do.
     
    optikl, Aug 13, 2005
    #2
    1. Advertising

  3. Imhotep

    Imhotep Guest

    optikl wrote:

    > Imhotep wrote:
    >> I hope the other states (and countries) follow...
    >>
    >> http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/

    >
    > Yes, clearly that's one law whose time has come. It's a shame though
    > that it takes a law to inspire an entity to fess up that confidential
    > customer data has been stolen. You'd think that would be just the right
    > thing to do.


    Corporate America has taken a really ugly path. You are right though. It is
    a shame that a law had to be put in place for something that should be
    obvious...

    Im
     
    Imhotep, Aug 14, 2005
    #3
  4. "optikl" <> wrote in message
    news:...
    > Imhotep wrote:
    > > I hope the other states (and countries) follow...
    > >
    > > http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/

    >
    > Yes, clearly that's one law whose time has come. It's a shame though
    > that it takes a law to inspire an entity to fess up that confidential
    > customer data has been stolen. You'd think that would be just the right
    > thing to do.


    OK, so you go to open a bank account.. do you choose the company that got
    hacked last week, or someone else?

    Guess that explains the reluctance to come clean ;o)

    Wonder how the law will ever get enforced..? Disgruntled employee is my
    guess.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Aug 14, 2005
    #4
  5. Imhotep

    Unruh Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> writes:


    >"optikl" <> wrote in message
    >news:...
    >> Imhotep wrote:
    >> > I hope the other states (and countries) follow...
    >> >
    >> > http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/

    >>
    >> Yes, clearly that's one law whose time has come. It's a shame though
    >> that it takes a law to inspire an entity to fess up that confidential
    >> customer data has been stolen. You'd think that would be just the right
    >> thing to do.


    >OK, so you go to open a bank account.. do you choose the company that got
    >hacked last week, or someone else?


    Of course it may not be in their interest to do so. So law suits and laws
    change the equation of what their interests are.


    >Guess that explains the reluctance to come clean ;o)


    >Wonder how the law will ever get enforced..? Disgruntled employee is my
    >guess.


    These things tend to leak out. And then not only do they have bad PR but
    criminal legal action as well, which could find the CEO actually spending
    time in jail.
     
    Unruh, Aug 14, 2005
    #5
  6. "Unruh" <> wrote in message
    news:ddo0er$7im$...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> writes:
    >
    >
    > >"optikl" <> wrote in message
    > >news:...
    > >> Imhotep wrote:
    > >> > I hope the other states (and countries) follow...
    > >> >
    > >> >

    http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/
    > >>
    > >> Yes, clearly that's one law whose time has come. It's a shame though
    > >> that it takes a law to inspire an entity to fess up that confidential
    > >> customer data has been stolen. You'd think that would be just the right
    > >> thing to do.

    >
    > >OK, so you go to open a bank account.. do you choose the company that got
    > >hacked last week, or someone else?

    >
    > Of course it may not be in their interest to do so. So law suits and laws
    > change the equation of what their interests are.
    >
    > >Guess that explains the reluctance to come clean ;o)

    >
    > >Wonder how the law will ever get enforced..? Disgruntled employee is my
    > >guess.

    >
    > These things tend to leak out. And then not only do they have bad PR but
    > criminal legal action as well, which could find the CEO actually spending
    > time in jail.


    Cite? Feel free to exclude or include disgruntled employees... ;o)

    H1K

    PS. As goes leaks, a large Scottish bank that I have worked with employs
    125k+ people, and managed to move their entire operations from London to
    erm.. somewhere in Scotland over a weekend. Terabytes of data, and the first
    time that I've seen a multi-gigabit national WAN in operation.

    How many people noticed? Two. And one of those got his legs slapped for it
    (he was an employee at the time); the other was a customer with traceroute
    and far, far too much time on his hands :eek:)

    Note that I am excluding hoteliers and taxi drivers.. they *must* have known
    that something was up.
     
    Hairy One Kenobi, Aug 14, 2005
    #6
  7. Imhotep

    optikl Guest

    Hairy One Kenobi wrote:
    > "optikl" <> wrote in message
    > news:...
    >
    >>Imhotep wrote:
    >>
    >>>I hope the other states (and countries) follow...
    >>>
    >>>http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/

    >>
    >>Yes, clearly that's one law whose time has come. It's a shame though
    >>that it takes a law to inspire an entity to fess up that confidential
    >>customer data has been stolen. You'd think that would be just the right
    >>thing to do.

    >
    >
    > OK, so you go to open a bank account.. do you choose the company that got
    > hacked last week, or someone else?
    >
    > Guess that explains the reluctance to come clean ;o)
    >

    Yeah, well I guess that's why some define ethical behavior as doing the
    right thing even when no one else is watching. If you entrust something
    to me and something happens to it, you are entitled to know the truth.
     
    optikl, Aug 14, 2005
    #7
  8. "optikl" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:
    > > "optikl" <> wrote in message
    > > news:...
    > >
    > >>Imhotep wrote:
    > >>
    > >>>I hope the other states (and countries) follow...
    > >>>

    >
    >>>http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/
    > >>
    > >>Yes, clearly that's one law whose time has come. It's a shame though
    > >>that it takes a law to inspire an entity to fess up that confidential
    > >>customer data has been stolen. You'd think that would be just the right
    > >>thing to do.

    > >
    > >
    > > OK, so you go to open a bank account.. do you choose the company that

    got
    > > hacked last week, or someone else?
    > >
    > > Guess that explains the reluctance to come clean ;o)
    > >

    > Yeah, well I guess that's why some define ethical behavior as doing the
    > right thing even when no one else is watching. If you entrust something
    > to me and something happens to it, you are entitled to know the truth.


    Granted. I operate under the same policy (one of the reasons why I tend to
    have a fairly tight relationship with my customers)

    But I still bet you wouldn't put your own money in the hacked bank.

    H1K
     
    Hairy One Kenobi, Aug 14, 2005
    #8
  9. Imhotep

    Winged Guest

    optikl wrote:
    > Imhotep wrote:
    >
    >> I hope the other states (and countries) follow...
    >>
    >> http://www.theregister.co.uk/2005/08/12/ny_security_breaches_disclosure/

    >
    >
    > Yes, clearly that's one law whose time has come. It's a shame though
    > that it takes a law to inspire an entity to fess up that confidential
    > customer data has been stolen. You'd think that would be just the right
    > thing to do.

    One of my issues is folks exposing information due to an insecure web
    configuration, exposing data, and no clue they are doing it. If done
    properly on the right site, you can't tell by the system logs the data
    was even exposed, it looks like a normal session. Laws are such you
    can't even tell them their data is showing as you will be accused of
    hacking their site.

    Are they required to tell when they can't tell a breech has actually
    taken place? As I read it no, so many companies may still play ignorant.

    Winged
     
    Winged, Aug 16, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QUtBIFNwYXdu?=

    Security Breach

    =?Utf-8?B?QUtBIFNwYXdu?=, Aug 12, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    664
  2. Brenda

    security breach?

    Brenda, Apr 23, 2004, in forum: Cisco
    Replies:
    2
    Views:
    450
  3. John Jones

    XP SP2 Firewall security breach

    John Jones, Nov 11, 2004, in forum: Computer Security
    Replies:
    14
    Views:
    956
    David Shaw
    Nov 13, 2004
  4. John

    XP SP2 Firewall security breach

    John , Nov 13, 2004, in forum: Computer Security
    Replies:
    1
    Views:
    483
    Moe Trin
    Nov 14, 2004
  5. Au79
    Replies:
    8
    Views:
    364
    Fuzzy Logic
    Jan 12, 2006
Loading...

Share This Page