| Riassunto: | Few weeks have passed in recent years without news of yet another data security breach that has the potential to impact upon the privacy of individuals. Following each event, there is signficant coverage in both the mainstream media and the trade press; there is much handwringing; the organisation involved might be damaged financially or reputationally, or both); there will be guesses as to the long-term effects on the individuals concerned; and then things move on . . . until the next incident occurs, when the cycle is repeated. While some fields have a long-standing culture of learning lessons from disasters, giving rise to new and/or improved processes | both for the organisation itself and for the relevant sector as a whole | for a variety of reasons this is not the case in information security. We argue that a culture shift is necessary, and that the publication of well researched case studies describing privacy breaches, which has the potential to be impactful in a variety of ways, is well overdue.
|
|---|