BreachExchange mailing list archives
Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
From: lyger <lyger () attrition org>
Date: Fri, 6 Jun 2008 23:31:36 +0000 (UTC)
While outdated by a few months and not accounting for recently added/updated state laws, this document provides a quick overview of which states provide exemptions for encrypted data:

http://www.scottandscottllp.com/resources/state_data_breach_notification_law.pdf

On Fri, 6 Jun 2008, Arshad Noor wrote:

": "
": " ----- Original Message -----
": " From: "security curmudgeon" <jericho () attrition org>
": " To: dataloss () attrition org
": " Sent: Friday, June 6, 2008 1:06:01 PM (GMT-0800) America/Los_Angeles
": " Subject: Re: [Dataloss] time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
": "
": "
": " Taking this one step farther, what if the tape *is* encrypted using really
": " strong encryption and the tape is lost. Does the company have to warn
": " customers?
": "
": " Certainly not in California. The Breach Disclosure law (originally
": " SB-1386) provides a safe-harbor for encrypted data. Not sure what the
": " other 42 US states do, but they modeled their laws along the lines of
": " California's to the best of my knowledge.
": "
": " If not, will that lead to companies claiming strong encryption
": " regardless,....
": "
": " This is a weakness in all Breach Disclosure laws. They do not specify
": " the type of encryption. While I agree that lawmakers are not the most
": " qualified people to determine appropriate ciphers, they could have at
": " least pointed to NIST standards as the minimum. That would have given
": " us 3DES and AES encryption. Right now, we have nothing. Very short-
": " sighted.
": "
": " Arshad Noor
": " StrongAuth, Inc.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss