BreachExchange mailing list archives

Re: Reporting Dataloss


From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Sat, 3 May 2008 19:48:39 -0400

 
By my records, and that of the state legislator website, Kentucky does not have
a breach law: http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm (as
of May 1, 2008). That being said, Chris Walsh's suggestions seem reasonable.

 
cheers,
sasha

________________________________
        From: Aaron Allen [mailto:aaron () trifault net] 
        Sent: Saturday, May 03, 2008 7:18 PM
        To: Sasha Romanosky
        Cc: dataloss () attrition org
        Subject: Re: [Dataloss] Reporting Dataloss
        
        It was indeed the FTC and not the FCC.  Too many TLAs in the
government, sorry about that :)
        
        The state is KY.
        
        The superintendent of the school is aware of the issue, and to be
fair, it was actually the vendor that leaked the information (now, whether
or not the vendor should have had the information is another question
entirely).  I believe the vendor (and thus the location of the breach) was
in MD, which complicates things a little more.  The data was available in
"sample reports" that were publicly available on the vendor's website
(easily googled).  They were certainly not hidden or obscured in any way
whatsoever.
        


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss


