Educause Security Discussion mailing list archives

Re: Details of New York Data Breach Bill?

From: "Cuocco, Patricia" <Pcuocco () CALSTATE EDU>
Date: Mon, 14 Nov 2005 08:54:43 -0800

The California State University has 23 campuses - several of which have
experienced data breaches since our law went into effect.  We have had
as many as 200,000 names and SSNs compromised and as few as 157.  I
personally handled one that was 23,500 names.  

The impact has been to cause us to think seriously about how to protect
against breaches.  We've also learned that many of the vulnerabilities
occur in places or departments over which the CIO has little control.
Our CIO group is discussing how best to address these vulnerabilities.

Don't know what else I can tell you except that knowing ahead of time
how you will respond is critical.  A campus strategy that includes
Public Affairs and press relations is essential.

Patricia 


-----Original Message-----
From: Melissa Guenther [mailto:mguenther () COX NET] 
Sent: Sunday, November 13, 2005 7:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Details of New York Data Breach Bill?


California has had a similar law in effect for a few years - maybe one
of 
the California Universities can share their experiences as to how it 
impacted their environments.
----- Original Message ----- 
From: "CHARLES MORROW-JONES" <morrow-jones.2 () OSU EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Saturday, November 12, 2005 6:04 PM
Subject: [SECURITY] Details of New York Data Breach Bill?

According to an Infoworld story datelined last Friday* there is a New 
York
data breach notification statute scheduled to go into effect next

month

that appears to be fairly stringent.

Could someone who is familiar with the statute inform the list about 
its
provisions, particularly as they might pertain to students who attend 
universities in other states but who maintain their NY residency?

Thanks,
Charles R. Morrow-Jones
Director, Security
Office of the CIO
The Ohio State University
morrow-jones.2 () osu edu -or- 614.292.1302

*http://www.infoworld.com/article/05/11/11/HNdatabreachbill_1.htm

Current thread:

Details of New York Data Breach Bill? CHARLES MORROW-JONES (Nov 12)
- <Possible follow-ups>
- Re: Details of New York Data Breach Bill? Ken Connelly (Nov 12)
- Re: Details of New York Data Breach Bill? Melissa Guenther (Nov 13)
- Re: Details of New York Data Breach Bill? Cuocco, Patricia (Nov 14)
- Re: Details of New York Data Breach Bill? Tracy Mitrano (Nov 14)
- Re: Details of New York Data Breach Bill? Dick Jacobson (Nov 14)
- Re: Details of New York Data Breach Bill? Sarah Stevens (Nov 14)