Educause Security Discussion mailing list archives

Re: Pre-Breach Requirements - 18 States


From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Wed, 6 Jul 2011 13:01:47 -0600

What about those states that aren't listed? Where would we look?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Solem, Vik P.
Sent: Wednesday, July 06, 2011 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pre-Breach Requirements - 18 States

Sounds like a question for Crowell & Moring, but for Massachusetts there are requirements that entities must meet 
before they take personal information.  (e.g. a Written Information Security Plan or WISP)

Mass does publish a checklist...  of course compliance != security, IANAL, and YMMV.

http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf

-Vik



On Jul 6, 2011, at 11:38 , Clifford Collins wrote:

Hello Security Compatriots,
I was searching the web for info on which states have laws requiring some kind of breach notification and encountered 
this document from the law firm Crowell & Moring LLP:

    http://www.crowell.com/pdf/securitybreachtable.pdf

In the right-hand column is a yes/no section on required "pre-breach measures."  There are 18 states listed as having 
them. Anybody aware of these requirements? Have you done something about it?  If so, what have you done? It would be 
great to have a "template" to work from!

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"


Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem () tufts edu / 
617-627-4326 InfoSec Team: information_security () tufts edu / 617-627-6070

Check Out the UIT Information Security Team blog https://wikis.uit.tufts.edu/confluence/display/infosecteamblog

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

