Comments on: The Cost of Disclosures, and a Proposal http://emergentchaos.com/archives/2007/04/the-cost-of-disclosures-and-a-proposal.html The Emergent Chaos Jazz Combo Mon, 15 Mar 2010 15:02:09 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: nowen http://emergentchaos.com/archives/2007/04/the-cost-of-disclosures-and-a-proposal.html/comment-page-1#comment-3488 nowen Thu, 12 Apr 2007 10:06:30 +0000 http://emergentchaos.com/?p=2308#comment-3488 I agree with Ian. I'm the one who can best decide my risk. Also, if I'm out $50 because of a merchant's negligence, I want my $50 back from them. I agree with Ian. I’m the one who can best decide my risk. Also, if I’m out $50 because of a merchant’s negligence, I want my $50 back from them.

]]> By: rG0d http://emergentchaos.com/archives/2007/04/the-cost-of-disclosures-and-a-proposal.html/comment-page-1#comment-3487 rG0d Mon, 09 Apr 2007 18:52:42 +0000 http://emergentchaos.com/?p=2308#comment-3487 I don't think you know how much credit card fraud can impact your credit. As Iang notes in his previous post - not all credit-card issuers protect you against card-fraud, and many that do require you to notify them within 40 days (or similar amounts) of time, otherwise the cost is yours. As I've noted in <a href="http://rg0d.blogspot.com/2007/04/credit-agencies-ultimate-scam.html" rel="nofollow">my own blog post</a>, the amount of power credit reporting agencies have over their ability to ruin us is daunting - and playing casual with that data is by no means a smart thing to do. In point of fact, I propose in my blog posting to remove (or at least control) some of the power they have. I don’t think you know how much credit card fraud can impact your credit. As Iang notes in his previous post – not all credit-card issuers protect you against card-fraud, and many that do require you to notify them within 40 days (or similar amounts) of time, otherwise the cost is yours.
As I’ve noted in my own blog post, the amount of power credit reporting agencies have over their ability to ruin us is daunting – and playing casual with that data is by no means a smart thing to do.
In point of fact, I propose in my blog posting to remove (or at least control) some of the power they have.

]]> By: Iang http://emergentchaos.com/archives/2007/04/the-cost-of-disclosures-and-a-proposal.html/comment-page-1#comment-3486 Iang Mon, 09 Apr 2007 16:05:49 +0000 http://emergentchaos.com/?p=2308#comment-3486 Bringing up "it costs too much" is a poor argument when we haven't yet figured out what is the right thing to do. Although SB1386 was a big win, I don't think we want to glorify it and claim it perfect. Before there was nothing, now there is something. We still have a lot more distance to travel. The fundamental reason you have to be notified is that you are the only one who can properly assess your own risk. You have more info on these risks than anyone else; the person who lost the info has none of this information. So you are right in saying: <blockquote>When the personal data being lost is a credit card number, I don't care that much. When it's medical data, my national id number, or other data which can be used to harm people, I care more.</blockquote> But, I might make the precise reverse choice. You have no way of knowing, and neither does the company who quasi-posted my data on the net. (As it happens, I don't have an SSN, but I have a CC, and the CC liability for me *does not fall back to the issuer* so I care little about the SSN and everything about the CC.) You need to show that risk is best off handled and understood at a global not personal level, and that relies on some flights of fancy like "government knows better" or "my risk profile is equal to yours." Bringing up “it costs too much” is a poor argument when we haven’t yet figured out what is the right thing to do. Although SB1386 was a big win, I don’t think we want to glorify it and claim it perfect. Before there was nothing, now there is something. We still have a lot more distance to travel.
The fundamental reason you have to be notified is that you are the only one who can properly assess your own risk. You have more info on these risks than anyone else; the person who lost the info has none of this information.
So you are right in saying:

When the personal data being lost is a credit card number, I don’t care that much. When it’s medical data, my national id number, or other data which can be used to harm people, I care more.

But, I might make the precise reverse choice. You have no way of knowing, and neither does the company who quasi-posted my data on the net. (As it happens, I don’t have an SSN, but I have a CC, and the CC liability for me *does not fall back to the issuer* so I care little about the SSN and everything about the CC.)
You need to show that risk is best off handled and understood at a global not personal level, and that relies on some flights of fancy like “government knows better” or “my risk profile is equal to yours.”

]]>