February 18, 2015 at 10:19 am
Gary Varga (2/18/2015)
Yet Another DBA (2/18/2015)
djackson 22568 (2/17/2015).............
Also, I doubt most breaches are reported. At a conference I attended on security, about 1% of the people in the room thought it necessary to contact authorities for issues as serious as child porn being found on company computers, and threats of massive armed violence! The other 99% felt it was perfectly OK to let HR handle it, or the company security staff. This despite the fact that an FBI agent was present and explaining why we need to involve them. I particularly liked his response to the person who asked why he couldn't just delete what he found instead of calling the FBI - "How do you like wearing orange?"
I thought that in the USA there was supposed to be disclosure of data breaches?
Hence the question regarding wearing orange i.e. prison uniform 😉
While disclosure is required, it's a corporate disclosure requirement; the liability tends to stop at the organization level and/or officer level. Sadly you will find that in many cases, there are company rules to discourage individual contributors from reporting to the authorities (I actually doubt you will find ANY corporate policies that encourage individuals to report it to the authorities directly).
In many cases you might be faced with invoking whistleblower status if you escalate through the internal channels and find that nothing happens, but that would only apply if you had "followed the procedure" FIRST.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?