The government must assess the risk associated with certain data types so companies aren’t notifying consumers every time a breach of even noncritical data occurs,” asserts Jerry Cerasale of the Direct Marketing Association (DMA), a New York-based trade association representing more than 5,200 direct, database and interactive marketers.
Fred Cohen, a principal analyst at Burton Group (Midvale, Utah), says enterprises should consider creating new positions or morphing existing ones to prepare for such legislation. “The position of a chief information security officer (CISO) exists at many large firms, but it has not been a C-level position,” says Cohen.
http://www.banktech.com/showArticle.jhtml?articleID=177102701