digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

Data breach notifications one step closer to law... again

arstechnica.com It's frustrating to be a consumer these days, especially knowing that your personal information could be exposed anytime there's a major data breach. Two new Senate bills aim to improve notification to customers when their information is exposed to thieves and, despite their shortfalls, experts are still holding out hope.

Who dugg this? Made popular 20 days ago

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

21 Comments

show profanity settings
expand all
  • LonelyTylenoL, on 11/09/2009, -1/+28Man this new background really looks awkward and disorienting on digg.....




    sorry, it needed to be said
  • Contradictions, on 11/09/2009, -0/+10Having to fight identity theft drives up consumer costs.
  • enantiodromia, on 11/09/2009, -0/+9It is infuriating when you get the letter in the main saying your credit card has been frauded, but they won't tell you by who or how.

    If I knew what business had ***** security policies, I won't do business with them anymore, but no, I'm not "allowed" to know how my credit card number was stolen.
  • Contradictions, on 11/09/2009, -1/+8Let's make this happen. Companies don't mind leaking your info but they aren't quick to let you know about it, if they ever tell you at all. Just look at all the confidential docs that were dumped in NYC as part of the Yankees parade last week.
  • LonelyTylenoL, on 11/09/2009, -1/+7That's your opinion and your guess clumped together in a blatant way that makes it sound like fact.
  • ScottyAnimal, on 11/09/2009, -1/+5How is this not law?
  • s73v3r, on 11/09/2009, -0/+4This is necessary. It allows me as a consumer to know when a company made a mistake involving my personal information, and take the necessary precautions to prevent Identity Theft. It also will allow me to choose not to do business with companies that have a terrible security record in the future.
  • Onibus, on 11/09/2009, -1/+4This will be good news for all consumers if or when this bill passes. The sooner one knows their information has been compromised, the faster you can react to lessen the damage that can be inflicted. Personally, I would be furious to learn of a data breach that took place upward to a year ago because the organization decided the publicity would hurt them.
    Hopefully, the bill will force organizations to disclose breaches within a reasonable time (say weeks instead of months) and punish those who keep consumers in the dark.
  • s73v3r, on 11/09/2009, -0/+3Having the IRS using my Social Security number isn't that bad; they're both part of the government, and ideally should be sharing information with each other. Having some credit card company know my Social Security number is completely unnecessary, doesn't really bring any benefit to me, and a limited benefit to them which could easily be replaced with a different number that isn't so important.
  • grnicon, on 11/09/2009, -0/+3"In response to this annoying trend, members of Congress have introduced legislation that would require organizations to notify customers when their information is no longer secure."

    Well, the only way to be absolutely sure is that anytime you send anything over the network, that data instantly becomes insecure. Organizations, themselves, may not even be aware of data security issues. You can copy an entire database of credit card numbers and the organization will have no trace of this. At best, they can guess that the data was stolen. But unless they actually catch someone in the act of stealing the data, then they don't know for sure the extent of the damage or, usually, even if the data was actually stolen.

    There is always going to be at least one person with total access to your data, that is above any record keeping practices. Usually this is a system admin, but often software developers as well.

    There are just too many potential loopholes and no way to even enforce such a law.
  • regeya, on 11/09/2009, -0/+3Well, when I read the brief blurb on Digg, I wondered, "Gee, I wonder how long it will take govtdoesnotwork and govsucks to weigh in against it?" Looks like you got all the crazy out of the way in the first post, though.

    Identity theft drives up consumer costs.
  • rmxz, on 11/09/2009, -1/+3Seems a bigger problem is that so much information's consolidated in the first place.

    Why do all these organizations need my social security number anyway. Better if they passed legislation that made it stay between me and the social security agency. So you say the IRS needs a number too - fine - let them issue one and keep it between them and me and my employer.

    Seems people would be safer if all my bank knew was information specific to me and my bank - that way if they leak the info, the most I lose is one account.
  • s73v3r, on 11/09/2009, -0/+2This ad is incredibly annoying and makes the site much more difficult to use.
  • terminal157, on 11/09/2009, -0/+2It gives me a headache and makes me want to boycott Dragon Age out of spite. And I am very much in the target demographic.
  • s73v3r, on 11/10/2009, -0/+1Which is why this should be made into law; so that when such things do happen, I am notified so that I can take the proper action. Whether that's the get new cards, or to close the accounts and find a credit union is up to me.
  • Julian88888888, on 11/09/2009, -0/+1adblock plus, firefox. get it.
  • shredswithpiks, on 11/10/2009, -0/+1But if you do get a letter that says the breach was months ago, you'll know to leave. If you never get a letter then either your info hasn't been compromised or your bank is really sleazy. I guess I don't have a suggestion when your bank doesn't inform whatsoever.
  • s73v3r, on 11/10/2009, -0/+1That's just it; not every institution will let you know in a timely manner that your data was breached. And if I haven't been notified, or heard about something in the news that might involve me, then I don't know that something happened, and have no reason to seek out another bank.
  • shredswithpiks, on 11/09/2009, -1/+2Seems to me we don't need legislation to fix this problem. For example, I have no credit cards (no CC companies to screw me) and my local credit union has notified me twice that my debit card number was compromised, while sending me a new card automatically (all within 5 days of them learning the info was compromised). There are companies out there with great notification procedures. I suggest everyone abandon the companies that don't, because they aren't offering you the best service you could get. The *first* time you get a letter that says "two months ago your info was compromised" why not move accounts immediately? After a while of people doing this the company will either change their evil ways or run out of customers.

    Or... maybe the customers just don't care enough to put the effort in and find a better bank?
  • onefineline, on 11/09/2009, -0/+1Can anyone explain to me what he's talking about?
  • ButterLoyalist, on 11/09/2009, -11/+3This is not necessary. It will drive up consumer costs.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.