[Dshield] Fed Bill Would Restrict Web Server Logs

Tim Hollebeek tholleb at teknowledge.com
Wed Feb 15 16:49:51 GMT 2006

> On Wed, 15 Feb 2006 09:26:18 -0500
> "Paul Marsh" <pmarsh at nmefdn.org> opined:
> > 
> > Enough said, you hit the nail on the head!
> > 
> Our privacy policy includes a section on records retention. 
> What this bill really requires is for web admins to 
> REASONABLY define exactly what constitutes a "business purpose."

Bank of America put my name, address, and SSN on a laptop, left
it in a car, and let it get stolen.

They assured me that they had a legitimate business purpose for
doing that (except the stolen part, of course), but they wouldn't
say what it was.

I'm not sure these sorts of efforts will make any difference,
especially if they aren't forced to publicly disclose their
data retention policies for potential public ridicule.

More information about the list mailing list