Monday, July 09, 2007

Not All Data Breaches End in ID Theft

A report last week by the General Accounting Office (GAO) said that large scale data breaches don't always result in equally large-scale cases of identity theft.

The report said that wide-ranging data breach notification laws could put a strain on businesses and result in a Chicken Little-like scenario where the sky was falling for every breach, even small ones.

The point is well-taken, since the bulk of identity theft is still physical, coming from theft of wallets and documents in offices. But it doesn't absolve companies from absolving responsibly in handling customer data, or notifying individuals when their data has been compromised, in some cases.

Alan Paller of SANS told Computer World that he agreed with the report's findings and that lawmakers need to focus on attack-based defenses rather than data breach notification.

The story was also reported on CNET.


Post a Comment

Links to this post:

Create a Link

<< Home