12 Quotes by Larry Ponemon

If a company has a breach and it wants to mitigate the potential costs and loss of customer trust they should start considering it as an important communication opportunity to prove to the customer that it cares about them,

Microsoft's P3P is not the full-blown P3P, ... Most of us thought that P3P would die. The fact that it is here and it is baked into the IE 6 browser -- I think that Microsoft should be applauded for being bold.

When you're dealing with millions of dollars of fines and not thousands of dollars, that's actually a wake up call to many organizations that right now are taking privacy issues too easily. I don't think it's a slap on the wrist.

There is a value proposition to protecting information and doing it right.

The fact that the White House site used Web bugs that do not capture personally identifiable information is irrelevant. The key issue is government officials were caught completely off-guard when reporters learned that Internet tracking technologies were planted on the White House's site.

We know a lot of organizations have posted privacy policies that they don't live by, ... We have to make it costly not to walk the walk. If you don't have an enforcement arm, you won't change bad players.

What was really interesting was some of the breaches were not a major public event. It's getting to be such a boring story. Really small breaches, ones that are less than 20,000 names, are not getting into the press at all.

Compliance with regulations ... that's not a big stick, ... When companies start losing customers, that can have a very significant economic effect.

Even if it's just 1 or 2 percent churn, it could be devastating to a company,