Friday, August 31, 2007

Fun Read: Harvard Biz Review Data Loss Case

This is an enlightening (if fictional) data breach story at a retailer, involving PCI, data theft, lawyers, breach disclosure and a lot of painful decisions by the exec team. Those who never were in such situations should read in order to at least take a peek at what might happen to your organization in the near future ....

Especially fun things to notice:

- an opinion by their legal that "If we disclose, we’ll probably get sued"
- environment complexity which doesn't allow them to pinpoint the breach

The sad part is that the story is kinda unfinished... Please, please, write it all the way to the end :-)

UPDATE: another set of fun comments on this story is available here. Chris makes an insightful comments about the team going thru "all seven distinct stages of the data breach grieving process" :-)

Dr Anton Chuvakin