BreachExchange mailing list archives
Re: A data security breach legislation question
From: "Peyton, Janet P." <jpeyton () mcguirewoods com>
Date: Wed, 12 Mar 2008 11:05:55 -0400
It is important to look at the individual states because some have multiple notice requirements (for notifying not only the consumer but also the Attorney General's office, or in NY also notifying a state agency that deals with data breach, etc.) Also, if you take a look at Massachusetts, for example, it is a little different than California in terms of the specific topics that must be addressed in the notice letter. Until there is federal legislation that preempts the patchwork of state laws, it will continue to be important to analyze compliance state-by-state.

Janet Peyton

Janet P. Peyton
Partner
McGuireWoods LLP
One James Center
901 East Cary Street
Richmond, VA 23219-4030
804.775.1166 (Direct Line)
804.698.2230 (Direct FAX)
jpeyton () mcguirewoods com

This e-mail may contain confidential or privileged information. If you are not the intended recipient, please advise by return e-mail and delete immediately without reading or forwarding to others.

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Rob Shavell
Sent: Wednesday, March 12, 2008 8:30 AM
To: dataloss () attrition org
Subject: Re: [Dataloss] A data security breach legislation question

hi all,

the question i have around US data breach notification legislation is this: "why are we counting states?"

if most legislation applies to affected record-holders if they are residents and 95% of breaches already either happen in a state with a law or include records of persons residing in such states, then... hasn't this basically become a necessity? in other words, organizations had better just notify to be in compliance.

following from this: what is the importance to an organization of reading through particulars of state by state legislation when they can just follow California, notify everyone, and be in compliance?

bonus question: in your opinion, why are so many companies choosing to include credit monitoring services for those affected?
a) altruism
b) just not that costly
c) concern about downstream law-suits
d) ?

rgds,
rob

On 10/03/2008, Susan Orr <susan () susanorrconsulting com> wrote:
I was just looking at the various states the other day, and there are some differences - some exempt encrypted information, some exclude financial institutions and others that are covered under other existing federal and state laws like GLBA. One state I believe exempts "state agencies" Oklahoma I think. Didn't know it was up to 40, last I saw was 38. I'll have to check it out, thanks.

Rebecca Herold wrote:
> Counting the District of Columbia, as of the end of October it was 40; see
> http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
>
> Best regards,
>
> Rebecca Herold
>
> ----- Original Message -----
> From: "Kalter, Sarah " <skalter () affiniongroup com>
> To: "lyger" <lyger () attrition org>; <dataloss () attrition org>
> Sent: Monday, March 10, 2008 10:07 AM
> Subject: [Dataloss] A data security breach legislation question
>
>> Hi All,
>>
>> Does anyone happen to know how many states have enacted data security breach laws/legislation? And if so, which states?
>>
>> Thank you so much!
>>
>> Best,
>> Sarah
>> _______________________________________________
>> Dataloss Mailing List (dataloss () attrition org)
>> http://attrition.org/dataloss
>>
>> Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
>> http://www.tenablesecurity.com/products/compliance.shtml