BreachExchange mailing list archives
Re: FOIA request(s)?
From: Chris Walsh <chris () cwalsh org>
Date: Tue, 5 Feb 2008 21:33:16 -0600
Sean:Only a few states require breaches to be reported to any kind of state agency -- NY, NJ, NH, NC and (IIRC) ME are the ones. I FOIA'ed NJ, NC, and NY. NH publishes breach reports on a web site anyway, and I haven't tried ME yet. IN may join the club, but the law hasn't been passed as yet.
Results:NY has been very forthcoming. I have every breach report they have received from the start of their law until mid-2007. Another request will go out in a week or so. NC was slower than NY, but sent me a bunch of stuff. I owe them another request. NJ says the info is exempt from disclosure because it is reported to the state police. This is debatable, IMNSHO. I am surprised a suit hasn't been filed.
Drop me a line if you want a zip file of the docs I have scanned so far. cw On Feb 5, 2008, at 1:58 PM, Sean Steele wrote:
Hi all, I’m looking for advice regarding and experiences with FOIA requests to state/municipal government(s), for data breach and related information. Have you been able to successfully request, if so how, do you have tips, tricks, hints, strategies, etc.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- FOIA request(s)? Sean Steele (Feb 05)
- Re: FOIA request(s)? Chris Walsh (Feb 05)