International Breach Notices: The Future Is Unevenly Distributed
So said William Gibson, and it is as true in breach notices as it is anywhere else. While only 34 US states have laws requiring these notices, we see organizations around the world sending them. They resonate as the right thing. Acknowledging and apologizing for your mistakes is powerful. (Hey, someone should mention that to Mark Hurd. Using a scandal as a pretext for promotion isn’t going to serve you well. But I digress.)
Organizations around the world are getting ahead of their problems by reporting them to their customers:
KRA computers stolen [link to http://www.eastandard.net/hm_news/news.php?articleid=1143958667 no longer works], which contains the interesting comment “A [Kenya Revenue Authority] official said the computers had crucial data on tax returns and it is likely that the data had no back up.”
On the other side of the world, “Computers with patient data stolen from Nagasaki hospital.” [link to http://www.yomiuri.co.jp/dy/national/20060924TDY02007.htm no longer works]
Both via the Dataloss list.
Then of course there is this