Re: Fw: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)

[Chris Walsh <chris () cwalsh org>]

The NY law does not consider encrypted information, regardless of its nature, to be private information as long as the 
encryption key remains protected.  The law requires notification when private information  has been or is reasonably 
believed to have been acquired by an unauthorized person.

(b) "Private information" shall mean personal information consisting of any information in
combination with any one or more of the following data elements, when either the
personal information or the data element is not encrypted, or encrypted with an
encryption key that has also been acquired

www.cscic.state.ny.us/lib/laws/documents/899-aa.pdf

I find it interesting that many of the various parties whose information was exposed have been identified not by BONY, 
or by any NY regulator, but by the *Connecticut* AG's office.


On Jun 6, 2008, at 6:34 PM, Mitch Tanenbaum - MC wrote:

Second, some states like NY, do do not have an encryption exclusion at all.


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml