I’d like to respond to two questions posted to my “Security Breaches Are Good For You” post. Antonomasia writes “there are security events other than customer data disclosure – any thoughts on how those can be subjected to evidence-based assessment?” Blivious writes: “What about other kinds of breaches? The apparent moral standard only applies to personal information.”
A goal in giving the talk was to draw attention to the trend, which is that we’re talking about some breaches, and the sky is not falling. Who’dda thunk?
My hope is that over the next decade, we will mature in how we discuss breaches. 1386 will be looked back apon as a watershed event that got us talking. If that happens, then we’ll start to see other events being discussed. (This happens in the airline industry, and again, the sky is not falling.)
So yes, today, the moral standard and the law apply to personal information, but I believe that they can help transform the way we perceive and discuss other kinds of issues.