Tragedy strikes yet again as a major retailer cannot account for over a million cardholder data records.
If that last sentence still got your attention, then you are probably one of the few who still find data breaches and the over-the-top media response interesting. It seems only a few days pass before we hear about another one, then another. Doesn't all this media hype just make the public bored of data breaches, and make the public think that data breaches are just the norm?
Given media over-activity on even the slightest whiff of data loss (we're pretty sure Staysure didn't have any credit card data records compromised, for example, although they felt obliged to report they'd lost all of them), is the brand and reputational damage that companies harp on about actually a big deal any more?
SB 1386 is mandatory data breach disclosure legislation, born in California and now adopted in most US states. It's a criminal offence if a company doesn't disclose a data breach, or a potential data breach, or even an inkling that something nefarious might be going on. Result? The media goes crazy.
I'm not convinced data disclosure legislation has actually helped companies serving US customers improve their security posture. They all seem too happy to wait in line and be the next name in the spotlight.
So the plans afoot to put in place an EU Directive to similar effect are most likely not going to be effective either. It's as if “brand damage” is the silent punishment for data loss, yet the real problems are ignored.