FWIW, Norwich's policy is hardly a model policy.
It does not give any information as to HOW the
PII information is stored, and for how long.
That alone demonstrates clearly to the astute
observer that if good PCI practices are not
in place, yet another data breach is possible if
not likely.
many security obligations
I disagree with the commenter who complains that Norwich's policy "does not give any information as to HOW the PII information is stored." The commenter implies that if the policy fails to address HOW, then data are at risk. Yet the methods and standards an enterprise uses to store and protect data can be very complex, and constantly changing. The enterprise does not need to discuss those methods in a privacy policy in order to have legal obligations to protect the PII. Legislatures are enacting many new laws on data retention and security. --Ben http://hack-igations.blogspot.com/2007/08/unfairness-in-minnesotas-credit-card.html