tag:blogger.com,1999:blog-2938493123269026698.post4273204547348197959..comments2023-12-26T22:00:58.352-08:00Comments on InfoSec & Forensics Law: Definition of Data Security BreachBenjamin Wrighthttp://www.blogger.com/profile/11543639411820745571noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-2938493123269026698.post-61900873546255790542008-03-22T08:02:00.000-07:002008-03-22T08:02:00.000-07:00Thank you for the thoughtful comment above. You e...Thank you for the thoughtful comment above. You express a popoular opinion. My view: My house keys are nothing like my credit card info and my social security number. I never give my house keys to strangers. My house keys are never processed in information systems. In contrast, I give my credit card info to strangers many times every day. And although I give strangers my social security number less frequently, it still happens often. My credit card and social security info are stored in an infinite number of places. As an informed consumer, I am on notice that my data are exposed <I>all the time</I>. I know I should be monitoring my accounts carefully all the time. It does me no good to receive a general notice from a corporation saying that my account information was one of millions of accounts the IT security of which has been compormised. That notice tells me nothing that is actionable. In fact, I am a fool if I wait until I receive one of these notices before I increase my vigilance. My vigilance should be at red alert all the time. (Footnote: I do wish to recieve notice if a corporation learned that a criminal had specifically targeted me for abuse. An example of specific targeting is where a couple of Start Department employees breached the specific passport records of Hillary, Obama and McCain. Another example: I do wish to receive notice if a corporation learns that an ID thief has opened a new financial account in my name. These two example notices would provide me actionable information.) --BenBenjamin Wrighthttps://www.blogger.com/profile/11543639411820745571noreply@blogger.comtag:blogger.com,1999:blog-2938493123269026698.post-74957778654792235612008-03-21T10:24:00.000-07:002008-03-21T10:24:00.000-07:00I find this point of view ridiculous. If a strange...I find this point of view ridiculous. If a stranger obtains copies of the keys to your home, at what point do you want to be notified of that fact? Immediately, so you can change your locks to keep them out? At some later time, once it has been determined that they are actually trying to gain entry to the house? After they have stolen your possessions, but when other parties are trying to have them replaced? Or never, because you trust the party who allowed your keys to be duplicated to suddenly start protecting your interests? At what point in the process do you feel the security of your home has been compromised?Anonymousnoreply@blogger.com