From: Chris Walsh (chriscwalsh.org)
Date: Tue Feb 05 2008 - 21:33:16 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sean:

Only a few states require breaches to be reported to any kind of state
agency -- NY, NJ, NH, NC and (IIRC) ME are the ones. I FOIA'ed NJ,
NC, and NY. NH publishes breach reports on a web site anyway, and I
haven't tried ME yet. IN may join the club, but the law hasn't been
passed as yet.

Results:

NY has been very forthcoming. I have every breach report they have
received from the start of their law until mid-2007. Another request
will go out in a week or so.
NC was slower than NY, but sent me a bunch of stuff. I owe them
another request.
NJ says the info is exempt from disclosure because it is reported to
the state police. This is debatable, IMNSHO. I am surprised a suit
hasn't been filed.

Drop me a line if you want a zip file of the docs I have scanned so far.

cw

On Feb 5, 2008, at 1:58 PM, Sean Steele wrote:

> Hi all, I’m looking for advice regarding and experiences with FOIA
> requests to state/municipal government(s), for data breach and
> related information. Have you been able to successfully request, if
> so how, do you have tips, tricks, hints, strategies, etc.
>
>

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]