BreachExchange mailing list archives
Re: Reporting Dataloss
From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Sat, 3 May 2008 19:48:39 -0400
By my records, and that of state legislator website, Kentucky does not have a breach law: http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm (as of may 1, 2008). That being said, Chris Walsh's suggestions seem reasonable. cheers, sasha ________________________________ From: Aaron Allen [mailto:aaron () trifault net] Sent: Saturday, May 03, 2008 7:18 PM To: Sasha Romanosky Cc: dataloss () attrition org Subject: Re: [Dataloss] Reporting Dataloss It was indeed the FTC and not the FCC. Too many TLAs in the government, sorry about that :) The state is KY. The superintendent of the school is aware of the issue, and to be fair, it was actually the vendor that leaked the information (now, whether or not the vendor should have had the information is another question entirely). I believe the vendor (and thus the location of the breach) was in MD, which complicates things a little more. The data was available in "sample reports" that were publicly available on the vendor's website (easily googled). There were certainly not hidden or obscured in anyway whatsoever. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Reporting Dataloss Aaron Allen (May 03)
- Re: Reporting Dataloss Sasha Romanosky (May 03)
- Re: Reporting Dataloss Aaron Allen (May 03)
- Re: Reporting Dataloss Sasha Romanosky (May 03)
- Message not available
- Re: Reporting Dataloss Al Mac Wheel (May 03)
- Re: Reporting Dataloss Aaron Allen (May 03)
- Re: Reporting Dataloss Sasha Romanosky (May 03)
- Re: Reporting Dataloss Chris Walsh (May 03)
- <Possible follow-ups>
- Re: Reporting Dataloss Thomas Raef (May 03)