I stopped reading Jeremiah Grossman‘s blog post Indirect Hard Losses to write this poll. I am happy to see that people are showing their opinions to breaches through their wallets or the services they accept. But should the customers be more forth coming? Should companies have to mark on their web pages (all web pages that they provide to the public) that data in their possession was compromised?
This is a tricky situation. In many states, persons who have abused children are required to disclose themselves to persons in their neighborhood. We are also all aware of state or county run websites that display the name, offense, picture, and the last recorded address for these people. Now, you might be thinking to yourself that this is a completely different situation and risk. While I do admit that the situation is different I have to say that the level of risk could be considered similar. If a victim of identity theft can go to jail because nobody will believe his story, I think the risks can be pretty high. Also, although the risk of a sex offender is higher in cost to a community, company websites have the potential to affect a very large portion of the United States and even the international community.
Another argument against this is that the business is the victim of a crime and not the perpetrator. I do admit that I understand and sympathize with this argument. One way around this is to allow the business to provide information about the new protections that they have implemented to increase the security around the data they maintain (insert “mandatory information disclosure” argument here) and to provide a hot line to their support department.
So, without further ado, here is the poll.
Go forth and do good things,
Don C. Weber