Much of what Andrew and I wrote about in the New School has come to pass. Disclosing breaches is no longer as scary, nor as shocking, as it was. But one thing we expected to happen was the emergence of a robust market of services for breach victims. That’s not happened, and I’ve been thinking about why that is, and what we might do about it.
I submitted a short (1 1/2 page) comment for the FTC’s PrivacyCon, and the FTC has published that here.
[Update Oct 19: I wrote a blog post for IANS, “After the Breach: Making Your Response Count“]
[Update Nov 21: the folks at Abine decided to run a survey, and asked 500 people what they’d like to see a breach notice letter. Their blog post.]