BreachExchange mailing list archives
Re: A data security breach legislation question
From: Chris Walsh <chris () cwalsh org>
Date: Wed, 12 Mar 2008 15:00:50 -0500
On Wed, Mar 12, 2008 at 04:30:23AM -0800, Rob Shavell wrote:
following from this: what is the importance to an organization of reading through particulars of state by state legislation when they can just follow California, notify everyone, and be in compliance?
There are substantial differences among the state laws. In NC, the data needn't be computerized. In several (not CA) states, a report must be made to the state as well as to impacted parties. In some states, encryption gets you off the hook, in others, redaction is good enough. In others, even a password(!) is good enough. I understand the "meet the strictest requirement" philosophy, but California isn't it. Until there is consistency across states, a la the uniform commercial code, it behooves you to be up on what each state requires. That said, "somebody" should just offer this as a service. IANAL, but it seems like the kind of thing that would be quite easy to do. cw _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Re: A data security breach legislation question, (continued)
- Re: A data security breach legislation question Susan Orr (Mar 10)
- Re: A data security breach legislation question Rob Shavell (Mar 12)
- Re: A data security breach legislation question Miller, Terry (Mar 12)
- SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Mark Simon (Mar 12)
- Re: SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Miller, Terry (Mar 12)
- Re: A data security breach legislation question Rebecca Herold (Mar 12)
- Re: A data security breach legislation question Craig Muller (Mar 12)
- Re: A data security breach legislation question Michael Hill, CITRMS (Mar 12)
- Re: A data security breach legislation question Beth Givens (Mar 12)
- Re: A data security breach legislation question Peyton, Janet P. (Mar 12)
- Re: A data security breach legislation question Chris Walsh (Mar 12)