US consumers want companies fined for security breaches
Anne & Lynn Wheeler
lynn at garlic.com
Sun Jul 10 18:26:59 EDT 2005
http://www.finextra.com/fullstory.asp?id=13952
US consumers want companies fined for security breaches
The majority of US consumers want to see criminal charges levied against
companies that fail to protect their personal data, as one in five
individuals admit falling victim to identity theft.
... snip ...
part of this is the risk proportional to security post that i frequently
repeat
http://www.garlic.com/~lynn/2001h.html#63
part of the issue is that these tend to not be security *integrity*
breaches that threaten the companies involved. these tend to security
*privacy* breaches that threaten the customers, where (static) personal
data can be used in account and/or identity fraud. In some cases, as
little information as a valid account number is sufficient to generate a
succesful fraudulent transactions.
I had provided a motherhood statement for the x9.99 financial standards
privacy standard .... something to the effect that most *privacy*
security tends to require a rethinking of the security landscape ....
since these security threats aren't directly against the institution,
they are against customers of the institution (unless the gov. can
translate such *privacy* breaches into direct threats against the
institution in the form of fines or other regulatory/legislative action).
somewhat related post
http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and
authentication
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list