Educause Security Discussion mailing list archives
Re: Details of New York Data Breach Bill?
From: Keith Schoenefeld <schoenk () UTULSA EDU>
Date: Tue, 15 Nov 2005 12:08:24 -0600
Am I reading this completely wrong, or does it not require notification of affected people that are not New York residents? -- KS Karl D. Hassler wrote:
Link to the New York State Technology Law: http://public.leginfo.state.ny.us/menugetf.cgi?COMMONQUERY=LAWS Go to the link - you may have to try twice - its slow. Click on GBS for General Business Law Click on Article 39-F; Click on Section 899-aa. It says that "Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization." To me, you must be doing business in New York to fall under this section of the law. To find section 208 of the State Technology Law (mentioned in both S3492 and A4254, from the above link: Click on STT for State Technology Click on Article 2 Click on Section 208 - Notification Section 208 only references State entities.
-- Keith Schoenefeld Manager of College Computer Services ENS Computer Services (ECS) College of Engineering and Natural Sciences The University of Tulsa Phone: 918-631-2548 Fax: 918-631-5089
Current thread:
- Details of New York Data Breach Bill? Karl D. Hassler (Nov 15)
- <Possible follow-ups>
- Re: Details of New York Data Breach Bill? Keith Schoenefeld (Nov 15)
- Re: Details of New York Data Breach Bill? Jimmy Kuo (Nov 18)
- Re: Details of New York Data Breach Bill? Walter Matystik (Nov 18)