Educause Security Discussion mailing list archives
Re: Pre-Breach Requirements - 18 States
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Fri, 8 Jul 2011 08:49:05 -0400
Based on some of their other published documentation, pre-breach measures is referring primarily to safeguard and disposal requirements that many states have.

http://www.crowell.com/documents/DOCASSOCFKTYPE_PRESENTATIONS_862.pdf

Kind of a strange way to refer to these requirements if you ask me. In any case, many states passed such requirements in conjunction with or shortly following their breach notification laws. Just as a random example, Arkansas included provisions for safeguarding data, data disposal and breach notification in their Personal Information Protection Act. See Title 4 Subtitle 7 Chapter 110 of the Arkansas Code.

http://www.lexisnexis.com/hottopics/arcode/

We don't have any such provisions in PA that I'm aware of, but we still try to keep an eye on things. Most are vague enough that our existing security program addresses any concerns. We keep a closer eye on California and Massachusetts since they seem to be paving the way and, to my knowledge, have the most stringent requirements.

The National Conference of State Legislatures has a list of states who have data disposal laws. According to them, there are currently 29.

http://www.ncsl.org/default.aspx?tabid=21075

Unfortunately I've not seen any NCSL publications that list all states with data safeguard requirements.

Hope that helps.

Cheers,
Doug
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clifford Collins
Sent: Wednesday, July 06, 2011 11:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pre-Breach Requirements - 18 States

Hello Security Compatriots,

I was searching the web for info on which states have laws that require some kind of breach notification and encountered this document from the law firm Crowell & Moring LLP:

http://www.crowell.com/pdf/securitybreachtable.pdf

In the right-hand column is a yes/no section on required "pre-breach measures." There are 18 states listed as having them. Anybody aware of these requirements? Have you done something about it? If so, what have you done? It would be great to have a "template" to work from!

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"