Re: FOIA request(s)?

[Chris Walsh <chris () cwalsh org>]

Sean:

Only a few states require breaches to be reported to any kind of state  
agency --  NY, NJ, NH, NC and (IIRC) ME are the ones.  I FOIA'ed NJ,  
NC, and NY.  NH publishes breach reports on a web site anyway, and I  
haven't tried ME yet.  IN may join the club, but the law hasn't been  
passed as yet.

Results:

NY has been very forthcoming.  I have every breach report they have  
received from the start of their law until mid-2007.  Another request  
will go out in a week or so.
NC was slower than NY, but sent me a bunch of stuff.  I owe them  
another request.
NJ says the info is exempt from disclosure because it is reported to  
the state police.  This is debatable, IMNSHO.  I am surprised a suit  
hasn't been filed.

Drop me a line if you want a zip file of the docs I have scanned so far.

cw

On Feb 5, 2008, at 1:58 PM, Sean Steele wrote:

> Hi all, I’m looking for advice regarding and experiences with FOIA  
> requests to state/municipal government(s), for data breach and  
> related information. Have you been able to successfully request, if  
> so how, do you have tips, tricks, hints, strategies, etc.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml