Security Incidents mailing list archives
RE: California State Bill SB1386
From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
Date: Sun, 23 Mar 2003 22:21:50 -0500
of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."
It seems to me that the language used in this bill suggests that notification would be necessary if the unencrypted information _COULD HAVE BEEN ACQUIRED_ .... NOT that the unencrypted information itself was _TRANSMITTED_....so to me that says if there is a reasonable chance that the information that was stolen (even if encrypted) could be decrypted into plain text (either via a weak encryption scheme such as ROT13 or if there's evidence the keys were stolen as well), that it would need to be reported. I think this clears up some of your other questions as well.