Subject: s7-04-22: WebForm Comments from Security Excellence
From: Security Excellence
Affiliation: Founder, cyber risk strategy, risk quantification

Mar. 15, 2023

Big kudos to Hester Peirce for saying all comments need to be addressed before attempting to push this out. If I missed anyone else who championed that mindset, then kudos to them too.

While data stewards should provide and limit 3rd party sharing, we all should know they create multiple companies so when we "opt out" our data is shared from one of many others.

Disclosure is great; however, if you are not aware the average breach is not discovered for 277 days, and usually it is a 3rd party who finds it and reports it, then you have jumped the gun for your mission.

If your mission is, at a high level, to penalize those who do not a) "due diligence" data privacy b) disclose timely, then your mission is easy. Any more and the systemic cyber risk arena is filled with tripwire - most simply cannot quantify risk to make business decisions, cyber risk is prevalent otherwise business ceases to exist, most frameworks create gaps which snowballs to a resource consumption black hole and more.