The Breach Response Market Is Broken (and what could be done)
Much of what Andrew and I wrote about in the New School has come to pass. Disclosing breaches is no longer as scary, nor as shocking, as it was. But one thing we expected to happen was the emergence of a robust market of services for breach victims. That’s not happened, and I’ve been thinking about why that is, and what we might do about it.
I submitted a short (1 1/2 page) comment for the FTC’s PrivacyCon, and the FTC has published that here [link to https://www.ftc.gov/system/files/documents/public_comments/2016/10/00035-129137.pdf no longer works].
[Update Oct 19: I wrote a blog post for IANS, “After the Breach: Making Your Response Count“ [link to https://www.iansresearch.com/insights/blog/blog-insights/2016/10/19/after-the-breach-making-your-response-count no longer works] ]
[Update Nov 21: the folks at Abine decided to run a survey, and asked 500 people what they’d like to see a breach notice letter. Their blog post.]