[ic] User options

Kevin Walsh kevin at cursor.biz
Thu Apr 6 12:07:40 EDT 2006


Peter <peter at pajamian.dhs.org> wrote:
> under state laws in California and 
> many other states and under a proposed Fedral law, if your customers' 
> private data is compromised in an attack on your servers you are 
> required by law to notify everyone who might have had thier data 
> compromised. If the attacker only got encrypted data but cannot decrypt  
> it then there's nothing that was compromised.
>
Not true.  If the customer's name, address and telephone number etc. is
not considered private then their list of previous orders certainly is.

If your server got cracked then you'd have a lot of explaining to do to
a lot of people.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/


More information about the interchange-users mailing list