BreachExchange mailing list archives

Re: A data security breach legislation question


From: "Rob Shavell" <slvrspoon () gmail com>
Date: Wed, 12 Mar 2008 04:30:23 -0800

hi all,
the question i have around US data breach notification legislation is this:

"why are we counting states?"

if most legislation applies to affected record-holders if they are
residents and 95% of breaches already either happen in a state with a
law or include records of persons residing in such states, then...
hasn't this basically become a necessity?

in other words, organizations had better just notify to be in compliance.

following from this: what is the importance to an organization of
reading through particulars of state by state legislation when they
can just follow California, notify everyone, and be in compliance?

bonus question: in your opinion, why are so many companies choosing to
include credit monitoring services for those affected?  a) altruism b)
just not that costly c) concern about downstream lawsuits d) ?

rgds,
rob




On 10/03/2008, Susan Orr <susan () susanorrconsulting com> wrote:
I was just looking at the various states the other day, and there are
 some differences - some exempt encrypted information, some exclude
 financial institutions and others that are covered under other existing
 federal and state laws like GLBA.  One state, I believe, exempts "state
 agencies": Oklahoma, I think.

 Didn't know it was up to 40, last I saw was 38.  I'll have to check it
 out, thanks.


 Rebecca Herold wrote:
 > Counting the District of Columbia, as of the end of October it was 40; see
 > http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
 >
 > Best regards,
 >
 > Rebecca Herold
 > ----- Original Message -----
 > From: "Kalter, Sarah " <skalter () affiniongroup com>
 > To: "lyger" <lyger () attrition org>; <dataloss () attrition org>
 > Sent: Monday, March 10, 2008 10:07 AM
 > Subject: [Dataloss] A data security breach legislation question
 >
 >
 >
 >> Hi All,
 >>
 >> Does anyone happen to know how many states have enacted data security
 >> breach laws/legislation? And if so, which states?
 >>
 >> Thank you so much!
 >>
 >> Best,
 >> Sarah
 >> _______________________________________________
 >> Dataloss Mailing List (dataloss () attrition org)
 >> http://attrition.org/dataloss
 >>
 >> Tenable Network Security offers data leakage and compliance monitoring
 >> solutions for large and small networks. Scan your network and monitor your
 >> traffic to find the data needing protection before it leaks out!
 >> http://www.tenablesecurity.com/products/compliance.shtml
 >>
 >


