November 5th, 2003, 03:07 PM
Legislation VS. Identity Theft
This is an article I found this morning on one of my favorite subjects. I think everyone should spend a bit more time and do a small amount of research, and protect yourselves. It appears as if there is finally enough trouble being caused by this crime for Legislators to step in and try and help the consumer. If you ask me, they should of done this a few years ago. But apparently they prefer for things to be out of hand before they attempt to stop them. Legislators have propesed what appears to be just an idea at this point.
So far it sounds pretty good for us. So does this include basic defacements?
Under the bill, companies must notify customers whenever their personal data--such as Social Security, driver's license, credit, or debit card numbers--are compromised through computer hacking or other unauthorized access.
Companies that fail to comply would be fined up to $5000 per violation or up to $25,000 each day.
It would be easier to clean up a mess right away, then to try and hide it and not attempt to clean it up at all.
Some companies like TriWest notify their customers immediately, while others are more reticent because they fear the public's response to an admission of failure in the security infrastructure. TriWest's McIntyre said none of the customers affected by the stolen database had reported fraud or other related identity-theft problems. TriWest deployed a communication plan that included press alerts and letters to its customers whose personal data had been compromised.
We'll you had my support to begin with. But you had to go and suggest limitations.
The bill would exempt companies from notifying their customers under the following circumstances:
1:/>The stolen data is encrypted.
2:/>The notification costs are too expensive or impractical. The company may use alternative notice in such cases. For example, it may post announcements in major media outlets or on the company Web site.
3:/>The company already has developed a "reasonable" notification policy. A Feinstein spokesperson says the FTC would determine what is reasonable.
Unless they are of course too expensive. What kinda lame duck **** is that? So instead you make a general announcment. You should have to notify each person.
Either make the companies responsable for their end, or remove the right to store data. My ideas are as far fetched as thiers in my opinion. They are currently failing us, so something has to be done.
None the less the Full story is here.
Tell me what you think.
Your heart was talking, not your mind.
November 5th, 2003, 03:16 PM
About fruiting time they have passed this law..
Maybe it will save millions of people from suffering from Identy Theft, i could only begin to imagine what sort of trouble people have to go thre to regain there Identy. From what i've read about this is pretty Harsh..
I mean how would you feel putting your trust into an Internet Run Company and they get hacked or whatever, and someone steals your identy pretends to be you, and after they've had there little fun and ruined innocent people's life's, the comany will then speak up and say that they MIGHT of been at fault for not notifiying customers of a possible sevurity breach...
I now of one person that has had there Idendity Stolen from Malicious hackers, He is still battling the courts and company's to settle suits for various things..
Anyhow me thinks that it's about time and hopefully it will save a lot of people from uneeded grief and stress.
There's my 2 cents so enjoy
November 8th, 2003, 07:43 PM
It's worth noting that since the law has gone into effect, there have been exactly 0 disclosures of security breaches. It's a good law, but nobody is really interested in enforcing it. Certainly, most companies are loath to admit that they had a break-in. It's going to take a few high-profile fines before anyone starts to comply.