BreachExchange mailing list archives
Re: complete/official list of security breach disclosures
From: Adam Shostack <emergentchaos () gmail com>
Date: Wed, 1 Feb 2006 20:13:00 -0500
The only state requiring a notice (to the attorney general's office) is New York, as of Jan 1, 2006 The best sources are the privacy rights clearinghouse page, and the pages linked from there (including our page at http:/www.emergentchaos.com/archives/cat_breaches.html) . There are some people talking about building a database of things, but its all volunteer effort. Adam On Feb 1, 2006, at 8:02 PM, Bill Yurcik wrote:
It was a great idea to start this list! Maybe someone can help me. I have been looking for a complete list of security breach disclosures. While its nice to have different lists of high profile disclosures what would be interesting would be find out how many total disclosures and the distributions of size and type. The SB-1386 law in California requires companies to contact customers affected by breaches. I checked with the California Attorney General's Office and there are no government records being kept there since companies are not required to contact any government entity. The papers report the high profile breaches -- basing any analysis on the media coverage would be skewed. Are there any states require public reporting of breaches? Since other states are modeling security breach laws after California's SB 1386 it would be great if somehow there could be a public reporting element added to these laws so data on all breaches can be collected and analyzed for fixing the right problems. Cheers! - Bill Yurcik/NCSA University of Illinois <byurcik () ncsa uiuc edu> _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
-- Emergent Chaos! My thoughts on security, privacy, economics, and the occasional giant pink bunny. http://www.emergentchaos.com _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- Colorado Tech University, 12/16/05 lyger (Feb 01)
- complete/official list of security breach disclosures Bill Yurcik (Feb 01)
- Re: complete/official list of security breach disclosures security curmudgeon (Feb 01)
- Re: complete/official list of security breach disclosures Nick Lewis (Feb 01)
- Re: complete/official list of security breach disclosures Saundra Kae Rubel (Feb 01)
- Re: complete/official list of security breach disclosures lyger (Feb 01)
- Re: complete/official list of security breach disclosures security curmudgeon (Feb 01)
- Message not available
- Re: complete/official list of security breach disclosures David Kovarik (Feb 01)
- complete/official list of security breach disclosures Bill Yurcik (Feb 01)
- Re: complete/official list of security breach disclosures Adam Shostack (Feb 01)
- Message not available
- Re: complete/official list of security breach disclosures blitz (Feb 01)