BreachExchange mailing list archives
Re: Fw: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
From: Chris Walsh <chris () cwalsh org>
Date: Fri, 6 Jun 2008 20:53:08 -0500
The NY law does not consider encrypted information, regardless of its nature, to be private information as long as the encryption key remains protected. The law requires notification when private information has been or is reasonably believed to have been acquired by an unauthorized person. (b) "Private information" shall mean personal information consisting of any information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted, or encrypted with an encryption key that has also been acquired www.cscic.state.ny.us/lib/laws/documents/899-aa.pdf I find it interesting that many of the various parties whose information was exposed have been identified not by BONY, or by any NY regulator, but by the *Connecticut* AG's office. On Jun 6, 2008, at 6:34 PM, Mitch Tanenbaum - MC wrote: Second, some states like NY, do do not have an encryption exclusion at all. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Marjorie Simmons (Jun 06)
- <Possible follow-ups>
- Fw: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Mitch Tanenbaum - MC (Jun 06)
- Re: Fw: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Chris Walsh (Jun 06)