> That is a bit broad. Are you speaking of any and every company? Are we
> talking about just ecommerce or security of every kind? Or was that just an
> analogy of how ridiculous it is to expect average Internet end users to be
> able to completely lock down their house and all their electronic systems
> from any and all possible outside attack or intrusion? If so, then yep. :)

OK, first off, let me apologize for both top-posting and double posting. I sent that from my tablet (a B&N Nook), and the tablet is a bit quirky and twitchy.

My point was simply that if you are storing personally identifying information and that information becomes compromised, there need to be serious repercussions. A "whoops sorry, call your friendly local credit monger, err, monitor" just doesn't cut it. There needs to be liability, and it needs to be established and enforced.

On the other hand, if a company is following industry best practices for the handling of sensitive information and still ends up being compromised, I don't believe that there should be repercussions, since industry does tend to do a pretty good job here. Industry here meaning the companies tasked specifically with dealing with sensitive information. For instance, PCI-DSS is a current best practice industry standard for anyone dealing with credit card data.

So to sum up, I am not advocating for a federal security standard. Merely a law that says something to the effect of "If you do not follow and maintain current industry best practices for the handling of sensitive data, then the corporate veil can be pierced and you as an executive can become personally, criminally and civilly liable just as if you had aided and abetted the criminal yourself."

This only applies to companies that want to store personally identifiable information, such as name, social security and/or credit card numbers.

I think adding personal liability at the executive level makes it a bit more threatening. Decision makers tend to tread lightly where the veil is thin.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
