US consumers want companies fined for security breaches

The majority of US consumers want to see criminal charges levied against
companies that fail to protect their personal data, as one in five
individuals admit falling victim to identity theft.

... snip ...

part of this is the risk proportional to security post that i frequently

part of the issue is that these tend to not be security *integrity*
breaches that threaten the companies involved. these tend to security
*privacy* breaches that threaten the customers, where (static) personal
data can be used in account and/or identity fraud. In some cases, as
little information as a valid account number is sufficient to generate a
succesful fraudulent transactions.

I had provided a motherhood statement for the x9.99 financial standards
privacy standard .... something to the effect that most *privacy*
security tends to require a rethinking of the security landscape ....
since these security threats aren't directly against the institution,
they are against customers of the institution (unless the gov. can
translate such *privacy* breaches into direct threats against the
institution in the form of fines or other regulatory/legislative action).

somewhat related post the limits of crypto and

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to