There are a lot of headlines about how the TJX “Data Theft Grows To Biggest Ever” (Washington Post). The trouble is, that claim is wrong, and it’s wrong even amended to “Biggest reported ever.” The biggest reported theft of personal data is Scott Levine’s theft of over a billion records from Acxiom. As the Department of… Read More: Worst Breach Ever?
I’d like to respond to two questions posted to my “Security Breaches Are Good For You” post. Antonomasia writes “there are security events other than customer data disclosure – any thoughts on how those can be subjected to evidence-based assessment?” Blivious writes: “What about other kinds of breaches? The apparent moral standard only applies to… Read More: The Sky Is Not Falling–What Can We Learn?
Riffing on what Arthur has said, I’ll take a slightly different exception to Mike Rothman’s rant on anonymity. Kathy Sierra’s been treated pretty shabbily. The problem isn’t anonymity, it’s a lack of accountability. These people are behaving unacceptably, and we don’t know who they are. However, there are cases where people have acted in similarly… Read More: Names Don’t Matter, Accountability Does
At Shmoocon, I talked about how “Security Breaches are Good for You.” The talk deviated a little from the proposed outline. I blame emergent chaos. Since California’s SB 1386 came into effect, we have recorded public notice of over 500 security breaches. There is a new legal and moral norm emerging: breaches should be disclosed.… Read More: Security Breaches Are Good for You: My Shmoocon talk
So Mike Rothman thinks that anonymity is for cowards: During the discussion last night, one guy pointed out that sometimes things are too sensitive or controversial or unpopular to say, so anonymity allows folks to do that. I call bullshit on that. Anonymity is the tool of a coward. And while I agree with Mike… Read More: On Anonymity
Portuguese seafarer Christopher de Mendonca led a fleet of four ships into Botany Bay in 1522. No one noticed before because the map was oriented wrong when it was copied. This is a nice article from news.com.au. Read More: Portuguese Got to Australia in 1522
Adam comments on some breach commentary, and quotes Nick Owen saying that breaches are a sign of incompetence. I can’t let this stand un-commented-upon. I believe that that is a dangerous comment, and one that needs to be squashed early. It’s like saying that a bug tracking system with lots of bugs in it is… Read More: Holding a Lighted Brand up to Damage
Tim Erlin runs some numbers in “Is Brand Damage a Myth” at nCircle, and Nick Owen follows on with some diplomatically presented thoughts in “Brand Damage, Stock Price and Cockroaches:” My theory is that information security breaches are an indicator of a lack of management competence. Moreover, as discussed previously, information security breaches are… Read More: Breaches and Brand Damage
Dan Solove writes: Professor Neil Richards (Washington University School of Law) and I have posted on SSRN our new article, Privacy’s Other Path: Recovering the Law of Confidentiality, 96 Georgetown Law Journal __ (forthcoming 2007). The article engages in an historical and comparative discussion of American and English privacy law, a topic that has been… Read More: Privacy's Other Path