Matt Blaze wrote:
> Once sensitive or personal data is captured, it stays around forever,
> and the longer it does, the more likely it is that it will end up
> somewhere unexpected.

Great point, and a fundamental lesson-of-the-moment for the security industry. To take it one step further: The amount of sensitive information an organization stores is roughly proportional to the number of data leaks it initiates. We already know that information "wants" to be free, and if you keep information around, sooner or later, it's going to leak out. (There's probably some mathematical way to describe this relationship.)

Rather than expecting companies to keep data totally secure and then send apologetic letters when it gets lost, perhaps we should start taxing companies in proportion to the amount of sensitive information they store, and use that tax to assist victims of identity theft. This would have the double benefit of giving companies immediate incentive to reduce the amount of information they store, and would also provide appropriate public funding for incident recovery.

Sherri

--
http://philosecurity.org
