

Data loss disclosure laws in the US

Bruce Schneier, well-known security guru, has posted an interesting summary of expected federal law covering disclosure of data loss in the US. What Bruce doesn't mention is that a lot of the state laws already in place include a notification exemption for cases where notifying customers that their data has been lost would be too costly to a company.

For example, if a company did lose data relating to several hundred thousand customers, it is not too hard to imagine that the cost involved could be greater than $250,000 (which is the limit for the Ohio notification law). The company could then opt for a "conspicuous posting" on its website, or provide "notification to major media outlets", in lieu of informing each customer.

Not hard to imagine never hearing about your data being lost, is it?




About

This page contains a single entry from the blog posted on April 20, 2006 2:43 PM.


Creative Commons License
This weblog is licensed under a Creative Commons License.