steve_con...@ao.uscourts.gov (Steve Conway) writes:
> From a security standpoint, the less you expose to the outside world, the
> better. Join a few security newsgroups / mailing lists, and see what
> (justified) paranoia REALLY looks like.

we were tangentially involved with the cal. state data breach legislation ... having been brought in to help wordsmith the cal. state electronic signature legislation. several of the parties were heavily involved in privacy issues and had done in-depth public surveys. the number one issue was "identity theft", primarily "account fraud" that was the result of some sort of data breach. The issue was that little or nothing was being done in this area (the institutions with the breaches frequently had little or nothing at risk, the fraudulent transactions were against their customer accounts). there was some hope that the resulting publicity from the notifications would prompt corrective actions as well as give the public some chance to take countermeasures.

in the decade plus since the cal. legislation there have been several federal bills introduced ... somewhat falling into two categories, those similar to the original cal. legislation and "federal pre-emption" that would eliminate most requirements for notification.

the most recent federal legislation falls into the latter category ... notification only when the records contain a long list of personal details (would eliminate nearly all breaches ... including the original reason that prompted cal. legislation ... simple account numbers that can result in fraudulent financial transactions).

--
virtualization experience starting Jan1968, online at home since Mar1970