Educause Security Discussion mailing list archives
Re: Pre-Breach Requirements - 18 States
From: Clifford Collins <collinsc () FRANKLIN EDU>
Date: Fri, 8 Jul 2011 15:53:20 -0400
Hello Jane, Great question! We do not have in-house legal counsel. But senior leadership has access to a law firm that is on retainer for situations they feel justify it. My concern was raised because our online degree programs (which is larger than our face-to-face programs) deliver classes to thousands of students in nearly all 50 states and in several dozen countries. It was the overwhelming task of complying with the privacy laws of every state and my stumbling onto the Crowell & Moring document that caused me to ask the question of leadership: what should we do? The response I got was they agreed it was a concern and to go find out what everybody else is doing. So, here I am! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product" ----- Original Message ----- From: "Jane E. Rosenthal" <jer () ku edu> To: "Clifford Collins" <collinsc () FRANKLIN EDU> Cc: SECURITY () LISTSERV EDUCAUSE EDU Sent: Friday, July 8, 2011 12:11:58 PM Subject: RE: Pre-Breach Requirements - 18 States Hi Cliff, Can you tell me if your attorneys have determined that you have to comply with all 50 (or 46) state requirements rather than merely your own state? This has been a discussion here and I’m interested in what EDUs are thinking on this. Jane _____________________ Jane E. Rosenthal Director | Privacy Office The University of Kansas Voice +1.785.864.9528 | Fax +1.785.864.4463 Email jer () ku edu | Web http://www.privacy.ku.edu The information transmitted by this email communication, including any additional pages or attachments, is only for the intended recipient and may contain confidential and/or privileged material. Any interception, review, retransmission, disclosure, dissemination, or other use and/or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately at (785) 864-4904, and delete the communication from any computer or network system or dispose of the documents as directed. Thank you. From: Clifford Collins [mailto:collinsc () FRANKLIN EDU] Sent: Wednesday, July 06, 2011 10:39 AM Subject: Pre-Breach Requirements - 18 States Hello Security Compatriots, I was searching the web for info on which states have laws require some kind of breach notification and encountered this document from the law firm Crowell & Moring LLP: http://www.crowell.com/pdf/securitybreachtable.pdf In the right-hand column is a yes/no section on required "pre-breach measures." There are 18 states listed as having them. Anybody aware of these requirements? Have you done something about it? If so, what have you done? It would be great to have a "template" to work from! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
Current thread:
- Pre-Breach Requirements - 18 States Clifford Collins (Jul 06)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)
- Re: Pre-Breach Requirements - 18 States SCHALIP, MICHAEL (Jul 06)
- Re: Pre-Breach Requirements - 18 States Doug Markiewicz (Jul 08)
- <Possible follow-ups>
- Re: Pre-Breach Requirements - 18 States Dexter Caldwell (Jul 06)
- Re: Pre-Breach Requirements - 18 States Rosenthal, Jane E. (Jul 08)
- Re: Pre-Breach Requirements - 18 States Clifford Collins (Jul 08)
- Re: Pre-Breach Requirements - 18 States Steve Bohrer (Jul 09)
- Re: Pre-Breach Requirements - 18 States Dan Han/HSC/VCU (Jul 12)
- Re: Pre-Breach Requirements - 18 States Allison F Dolan (Jul 09)
- Re: Pre-Breach Requirements - 18 States Jack Suess (Jul 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 02)
- Re: Pre-Breach Requirements - 18 States Irish, Adrian L (Aug 02)
- Re: Pre-Breach Requirements - 18 States David C Kovarik (Aug 03)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)