BreachExchange mailing list archives
Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
From: Arshad Noor <arshad.noor () strongauth com>
Date: Fri, 6 Jun 2008 19:13:39 -0400 (EDT)
----- Original Message -----
From: "security curmudgeon" <jericho () attrition org>
To: dataloss () attrition org
Sent: Friday, June 6, 2008 1:06:01 PM (GMT-0800) America/Los_Angeles
Subject: Re: [Dataloss] time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)

Taking this one step farther, what if the tape *is* encrypted using really strong encryption and the tape is lost. Does the company have to warn customers?

Certainly not in California. The Breach Disclosure law (originally SB-1386) provides a safe-harbor for encrypted data. Not sure what the other 42 US states do, but they modeled their laws along the lines of California's to the best of my knowledge.

If not, will that lead to companies claiming strong encryption regardless,....

This is a weakness in all Breach Disclosure laws. They do not specify the type of encryption. While I agree that lawmakers are not the most qualified people to determine appropriate ciphers, they could have at least pointed to NIST standards as the minimum. That would have given us 3DES and AES encryption. Right now, we have nothing. Very short-sighted.

Arshad Noor
StrongAuth, Inc.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss