QOTD - Schneier on data breach laws

The problem with companies protecting your data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting your data, but bear none of the costs if your data is compromised. You suffer the harm, but you have no control – or even knowledge – of the company's security practices. -- Bruce Schneier
Years ago, I had the chance to attend a presentation by Bruce Schneier where he covered the various drivers to improve information security (legislation, insurance, loss of costumers). In this article, Bruce expands on the need for data breach notification laws and makes the case for stronger authentication around the use of credit (to mitigate ID theft).

Why security breach notification laws are a good thing | OUT-LAW.COM

No comments: