Educause Security Discussion mailing list archives
Re: Pre-Breach Requirements - 18 States
From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Wed, 6 Jul 2011 13:01:47 -0600
What about those state that aren't listed?.....where would we look? -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Solem, Vik P. Sent: Wednesday, July 06, 2011 10:02 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Pre-Breach Requirements - 18 States Sounds like a question for Crowell & Moring, but for Massachusetts there are requirements that entities must meet before they take personal information. (e.g. a Written Information Security Plan or WISP) Mass does publish a checklist... of course compliance != security, IANAL, and YMMV. http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf -Vik On Jul 6, 2011, at 11:38 , Clifford Collins wrote:
Hello Security Compatriots, I was searching the web for info on which states have laws require some kind of breach notification and encountered this document from the law firm Crowell & Moring LLP: http://www.crowell.com/pdf/securitybreachtable.pdf In the right-hand column is a yes/no section on required "pre-breach measures." There are 18 states listed as having them. Anybody aware of these requirements? Have you done something about it? If so, what have you done? It would be great to have a "template" to work from! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem () tufts edu / 617-627-4326 InfoSec Team: information_security () tufts edu / 617-627-6070 Check Out the UIT Information Security Team blog https://wikis.uit.tufts.edu/confluence/display/infosecteamblog -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Pre-Breach Requirements - 18 States Clifford Collins (Jul 06)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)
- Re: Pre-Breach Requirements - 18 States SCHALIP, MICHAEL (Jul 06)
- Re: Pre-Breach Requirements - 18 States Doug Markiewicz (Jul 08)
- <Possible follow-ups>
- Re: Pre-Breach Requirements - 18 States Dexter Caldwell (Jul 06)
- Re: Pre-Breach Requirements - 18 States Rosenthal, Jane E. (Jul 08)
- Re: Pre-Breach Requirements - 18 States Clifford Collins (Jul 08)
- Re: Pre-Breach Requirements - 18 States Steve Bohrer (Jul 09)
- Re: Pre-Breach Requirements - 18 States Dan Han/HSC/VCU (Jul 12)
- Re: Pre-Breach Requirements - 18 States Allison F Dolan (Jul 09)
- Re: Pre-Breach Requirements - 18 States Jack Suess (Jul 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 02)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)