Thursday, October 29, 2009

The FBI Favors A National Breach Notification Standard

The Federal Bureau of Investigation is in favor of a national data breach notification standard, reports Agency officials say it would help law enforcement fight cybercrime, the report states. During a cybersecurity discussion in Washington yesterday, the head of the FBI's Cyber Criminal Section said such a standard "would help us tremendously, particularly in terms of efficiency in conducting investigations." Troy said that widespread reporting would help cyber cops discover links and potentially prevent similar attacks. Senator Leahy's Personal Data Privacy and Security Act, introduced in July, and a Senate cybersecurity bill to be introduced this year includes or will include breach-notification rules.
Full Story

I've long said that unless the states can get together and pass comprehensive legislation to enforce data breach notification then the Federal government will.

Then there is this from Javelin Research,

Breach Notifications Fall Flat on Consumers

The Credit Union Times reports on study findings that suggest consumers do not understand the importance of data breach notifications and, as a result, fail to protect themselves from fraud. Javelin Strategy and Research says that consumers who have been notified of a breach of their data were four times more likely than the public at large to experience fraud, the report states. The firm said that 19 percent of consumers who received a data breach notification over the past year have become the victims of fraud within a year of the notification. Full Story

Perhaps federal regulations will also help to improve public awareness. In my experience almost no one is aware of the breadth of identity theft and its various permutations until they get some honest education on the subject. Then almost to a person they see the beauty of notifications and what than can mean as an early warning. They also usually see the great benefit of having a good service in place ahead of time.

When you are a victim of identity theft what do you really want in a service? Do you want an "Insurance Policy" , or do you want comprehensive restoration? Since insurance can ONLY replace out of pocket expenses incurred when trying to perform your own restoration what is the point of underwritten insurance?

How about credit monitoring? Is that of any real help if there isn't any follow up to work with the victim to clear the erroneous notations and record entries? Again, without restoration no monitoring service is of any substantial value.

No comments: