BreachExchange mailing list archives
Re: They Take it Seriously? Oh, Sure - Criminally Liable?
From: Donald Aplin <DAplin () bna com>
Date: Wed, 10 Jan 2007 10:44:49 -0500
The vast majority of the 34 state-enacted data breach consumer notification laws only require notice if there is a breach of unencrypted data. A few of the newer ones added that it's still a covered breach if the encryption key goes missing at the same time encrypted data is lost.

Perhaps more important are the risk of harm threshold provisions in many of the laws which do not require notification if after a "reasonable" investigation by the covered entity there is a determination that there was no actual damage or any reasonable risk of future harm done by the breach (this is consistent with the court examinations of breaches in which they pretty much uniformly do not consider the threat of potential ID theft to be actual damages).

In short, the fox gets to guard the henhouse.

Donald G. Aplin
Legal Editor
BNA's Privacy & Security Law Report
(202) 452-4688

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 530 incidents over 7 years.