Educause Security Discussion mailing list archives

Re: Details of New York Data Breach Bill?

From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Mon, 14 Nov 2005 14:06:49 -0700

Most states that have enacted this law (now 21 states) have included in
the provisions "any company that conducts business in <insert state>
and/OR owns or licenses computerized data that includes private
information about a <insert state> resident, has a legal obligation...".

This article could be erroneous in it's paraphrasing of this law.  I
have pulled the entire law from the New York State Assembly Web Page,
and even still cannot be certain that all entities that conduct
business in NY are under the umbrella of this law.

The bill itself refers to the "state technology law" and the "general
business law".

Here is the link to the New York State Assembly page that reproduces
the EXACT law:  http://assembly.state.ny.us/leg/?bn=A04254&sh=t

On Sat, 12 Nov 2005, Ken Connelly wrote:

This article states "As long as a company conducts business in New

York

and owns or licenses computerized data that include private

information

about a New York resident, it has a legal obligation to notify ...".

I am interpreting this to NOT mean an institution outside of New York

that

has students that have retained their New York residency.

Any legal minds wish to comment ?

This article seems to be fairly complete and yet not overly long.
http://www.jonesday.com/pubs/pubs_detail.aspx?pubid=455622903

CHARLES MORROW-JONES wrote:

According to an Infoworld story datelined last Friday* there is a

New York data breach notification statute scheduled to go into effect
next month that appears to be fairly stringent.


Could someone who is familiar with the statute inform the list

about its provisions, particularly as they might pertain to students
who attend universities in other states but who maintain their NY
residency?


Thanks,
Charles R. Morrow-Jones
Director, Security
Office of the CIO
The Ohio State University
morrow-jones.2 () osu edu -or- 614.292.1302

*http://www.infoworld.com/article/05/11/11/HNdatabreachbill_1.htm



----------------------------------------------------------------------

Dick Jacobson                 e-mail : Dick.Jacobson () ndus NoDak edu
ND HECN MultiUser Host SysAd  office : IACC 206, NDSU
NDUS IT Security Officer      phone  : 701-231-7385
----------------------------------------------------------------------

--

Current thread:

Details of New York Data Breach Bill? CHARLES MORROW-JONES (Nov 12)
- <Possible follow-ups>
- Re: Details of New York Data Breach Bill? Ken Connelly (Nov 12)
- Re: Details of New York Data Breach Bill? Melissa Guenther (Nov 13)
- Re: Details of New York Data Breach Bill? Cuocco, Patricia (Nov 14)
- Re: Details of New York Data Breach Bill? Tracy Mitrano (Nov 14)
- Re: Details of New York Data Breach Bill? Dick Jacobson (Nov 14)
- Re: Details of New York Data Breach Bill? Sarah Stevens (Nov 14)