Slashdot Mirror


CA Law Demands Public Disclosure Of Break-Ins

AuntieMisha writes "BusinessWeek has an article about a new California law passed that requires businesses to publicly disclose information about break-ins. The only loophole is if there is an ongoing investigation and if the disclosure would harm the investigation. IMHO big companies will have the resources to set up investigations even when they know it is unlikely to get anywhere, and business will go on as usual for them. Small businesses that don't have the resources to maintain an investigation will have their reputations ruined. Also, the article doesn't mention the contingency where a break-in occurs because of a software/hardware issue for which there is no released technical solution (i.e. anyone else who has software X would be susceptible to the same type of break-in). This is not good."

6 of 188 comments

  1. Misread by verloren · · Score: 4, Funny

    Computer Associates is writing laws now? And I thought Microsoft had influence with the gov..

    oh, right, California...

  2. Re:But how do you enforce this? by bovilexics · · Score: 5, Funny

    From the article...

    • Come July 1, 2003, those who fail to disclose that a breach has occurred could be liable for civil damages or face class actions.

    They (the CA government) don't need to audit or enforce anything. It is self-enforcing for those businesses that feel they may be sued and have to pay monetary payments for NOT reporting the incident. If a given company doesn't feel it can be successfully sued due to the incident then there probably wouldn't be a public reporting of it.

    It's just a CYA that would have to be handled on a case by case basis for each company and wouldn't be enforced by auditors and the like.

    --
    Are you bovilexic? Moo!
  3. Re:The bigger picture by Kamel+Jockey · · Score: 5, Funny

    that won't help me if Bob Hacker over here can make it look like I never invested in the first place

    For some of us, this could be a very good thing!

    --
    In case of fire, do not use elevator. Use water!
  4. New business opportunity by kawika · · Score: 4, Funny

    >> The only loophole is if there is an ongoing investigation

    I would like to point out that ongoinginvestigation.com is still available for registration. Imagine the business you'll get in California! Certainly it will be worth a few bucks a month to a company's reputation to hire you to keep the investigation ongoing.

  5. Lawmaker Cluelessness and Double-Standard by limekiller4 · · Score: 4, Funny

    On one hand you have lawmakers calling hackers 'thugs' and 'criminals' because -- and this is generally after months of reporting the problem to, say, Microsoft -- they notify the public that there is a security hole.

    NOW they're going to make it illegal to not notify the public. Is telling the world about a security breach irresponsible or isn't it?

    Yeesh. I feel like the whole gang from Bloom County who didn't know if they were watching "F Troop" or CNN and thus whether they should be enjoying the carnage or not.

    --
    My .02,
    Limekiller
  6. Interactions with Berman cyber-vigilante bill? by extremecenter · · Score: 4, Funny

    So if Ca. Congresscritter Berman's cyber vigilante bill passes, there will be a surefire method of dealing with pesky business competitors: attack their systems on the pretext that they might have some of your copyrighted data. If they report the breakin, they'll get bad publicity. If they don't report it, have your lawyers point out that fact to the appropriate authorities and they get busted for not reporting the breakin, also generating bad publicity for them. On the upside, this looks like a full-employment bill for security types.