Breach Notification Escape Mechanisms (fwd)

[lyger <lyger () attrition org>]

Forwarded from: blitz <blitz () strikenet kicks-ass net>

NY's law was a late to be enacted, and because of input from previous
experiences, (notably California) and some work from people working
in the interest of data security, (cof)  it thus avoided the more
obvious loopholes. It was crafted as airtight as possible. The
legislative process had absolutely no idea of where to start, they
initially looked at the CA law as good, but insisted it be better.
The result is what they came up with. So let it be known, NY DID get
something right.

Now, if they would actually prosecute those flouting it. NY has a
long history of selective prosecutions, but they usually rise in an
election year. It depends on who's contributing to whom.


At 16:01 3/21/2006, Chris Walsh wrote:

> Rob Lemos has expanded his original article to note that NY's law
> doesn't have the loopholes discussed in his piece.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/