b10010011
Whats a Posting tag?
join:2004-09-07
Bellingham, WA
 ·Comcast Formerly ..
| You know there ought to be a law...
Yes this is a bit off topic, but still.
There have been so many recent incidents with laptops (that were taken off company property for whatever reason) containing personal information being stolen.
The business involved should be required to pay for every single person whos data was stolen to get things like a credit report, new credit cards, bank accounts. Also the company whe lost the data should have to pay back any money or credit card charges made by the data theifs.
Really there is no good reason for people to be taking this type of data home with them. I know, I know, "so they can work from home". They will have to work late or come in on the weekend if they can't get teir job done during normal working hours. |
|
AnonProxy
Proxy of Anon
Premium
join:2001-05-12
ß | The last thing we need are more laws....there are plenty of laws and civil actions that can be taken against these MORANS! (worse than a moron)....
If you want the gov't telling you how to use your PC, please kill yourself now....and don't breed. |
|
b10010011
Whats a Posting tag?
join:2004-09-07
Bellingham, WA
·Comcast Formerly ..
1 edit | said by AnonProxy  :If you want the gov't telling you how to use your PC, please kill yourself now....and don't breed. No, I want the government to tell companies that they have to protect our personal information or pay for the damage.
This goes for data stored in a laptop or a file cabnet.
It's not the media, its the information stored on it that is important. |
|
ReVeLaTeD
Premium
join:2001-11-10
San Diego, CA
| reply to b10010011
That's unreasonable. The pay for everything deal.
If you rented a car using company funds and it got stolen from you and the thief totaled it, would YOU want to pay the $10,000-$50,000 to replace it just because you happened to have possession of the car when it was stolen?
I'm not justifying the action. I'm stating that there is a certain level of reasonable expectation that the person has taken sufficient measures to secure the item(s) in question. You could lock your car, put on a CLUB, enable an alarm and install a kill switch, and a determined thief could STILL take your car. Does that automatically fault you? Should you be responsible because the thief was diligent?
If a company can demonstrate that it took best measures to prevent the loss of the information by ensuring all security updates were applied and appropriate encryption and authentication processes are in place, they shouldn't have to "foot the bill" because some determined thief got their hands on the information. |
|
b10010011
Whats a Posting tag?
join:2004-09-07
Bellingham, WA
·Comcast Formerly ..
| said by ReVeLaTeD :If a company can demonstrate that it took best measures to prevent the loss of the information Well one mans "best measure" is another mans gaping security hole. |
|
envoid
join:2002-12-21
Duluth, GA
| reply to b10010011
said by b10010011 :said by AnonProxy :If you want the gov't telling you how to use your PC, please kill yourself now....and don't breed. No, I want the government to tell companies that they have to protect our personal information or pay for the damage. This goes for data stored in a laptop or a file cabnet. It's not the media, its the information stored on it that is important. LOL There's civil court for this issue. It falls under defamation, etc... |
|
Cthen
join:2004-08-01
Ypsilanti, MI | If it were to happen here in the US you could slam the medical facility with breech of "Doctor to patient confidentiality". Defamation is totally different from this.  |
|
ReVeLaTeD
Premium
join:2001-11-10
San Diego, CA
| reply to b10010011
best measure is best measure. There's no distinction.
Obviously if a company sent an email saying "oops!", that's not best measure. However if a company had a timed, locked, alarmed, camera'd room with its servers AND instituted RSA token security with random generating secondary identification numbers, AND thumbprint security, AND corporate policy with disciplinary action plan, AND live monitoring, AND regular background checks on all staff, it's hard to fault that company if some determined ass posing as a cleaning crew member happened to steal a workstation with NPI on it. |
|
b10010011
Whats a Posting tag?
join:2004-09-07
Bellingham, WA
·Comcast Formerly ..
| said by ReVeLaTeD :Obviously if a company sent an email saying "oops!", So far in every case I have heard about the companies responce to the theft has been: "oops!" A laptop containing all your personal info has bee stolen. Customers (or patients) are advised to keep an eye on their credit report etc... |
|
ReVeLaTeD
Premium
join:2001-11-10
San Diego, CA
| said by b10010011 :said by ReVeLaTeD :Obviously if a company sent an email saying "oops!", So far in every case I have heard about the companies responce to the theft has been: "oops!" A laptop containing all your personal info has bee stolen. Customers (or patients) are advised to keep an eye on their credit report etc... We're not talking about just the response. We're talking about the measures in place before the breach/theft. It's one thing to say "oops!" about a theft where there was no security to hopefully block attempts to get the data. It's another to say "oops!" when there's 5 levels of security to crack AND a trace program designed to catch the thief. As a judge that has to be weighed, not just how the company responded to the breach/theft, but also what measures were in place prior to. |
|
