Re: [Dataloss] A data security breach legislation question

From: Peyton, Janet P. (jpeytonmcguirewoods.com)
Date: Wed Mar 12 2008 - 10:05:55 CDT


It is important to look at the individual states because some have
multiple notice requirements (for notifying not only the consumer but
also the Attorney General's office, or in NY also notifying a state
agency that deals with data breach, etc.). Also, if you take a look at
Massachusetts, for example, it is a little different than California in
terms of the specific topics that must be addressed in the notice
letter. Until there is federal legislation that preempts the patchwork
of state laws, it will continue to be important to analyze compliance
state-by-state.

Janet Peyton

Janet P. Peyton
Partner
McGuireWoods LLP
One James Center
901 East Cary Street
Richmond, VA 23219-4030
804.775.1166 (Direct Line)
804.698.2230 (Direct FAX)
jpeytonmcguirewoods.com

-----Original Message-----
From: dataloss-bouncesattrition.org
[mailto:dataloss-bouncesattrition.org] On Behalf Of Rob Shavell
Sent: Wednesday, March 12, 2008 8:30 AM
To: datalossattrition.org
Subject: Re: [Dataloss] A data security breach legislation question

hi all,
the question i have around US data breach notification legislation is
this:

"why are we counting states?"

if most legislation applies to affected record-holders if they are
residents and 95% of breaches already either happen in a state with a
law or include records of persons residing in such states, then...
hasn't this basically become a necessity?

in other words, organizations had better just notify to be in
compliance.

following from this: what is the importance to an organization of
reading through particulars of state by state legislation when they can
just follow California, notify everyone, and be in compliance?

bonus question: in your opinion, why are so many companies choosing to
include credit monitoring services for those affected? a) altruism b)
just not that costly c) concern about downstream law-suits d) ?

rgds,
rob

On 10/03/2008, Susan Orr <susansusanorrconsulting.com> wrote:
> I was just looking at the various states the other day, and there are
> some differences - some exempt encrypted information, some exclude
> financial institutions and others that are covered under other
> existing federal and state laws like GLBA. One state I believe
> exempts "state agencies" Oklahoma I think.
>
> Didn't know it was up to 40, last I saw was 38. I'll have to check
> it out, thanks.
>
>
> Rebecca Herold wrote:
> > Counting the District of Columbia, as of the end of October it was 40; see
> > http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
> >
> > Best regards,
> >
> > Rebecca Herold
> > ----- Original Message -----
> > From: "Kalter, Sarah " <skalteraffiniongroup.com>
> > To: "lyger" <lygerattrition.org>; <datalossattrition.org>
> > Sent: Monday, March 10, 2008 10:07 AM
> > Subject: [Dataloss] A data security breach legislation question
> >
> >
> >
> >> Hi All,
> >>
> >> Does anyone happen to know how many states have enacted data security
> >> breach laws/legislation? And if so, which states?
> >>
> >> Thank you so much!
> >>
> >> Best,
> >> Sarah
> >> _______________________________________________
> >> Dataloss Mailing List (datalossattrition.org)
> >> http://attrition.org/dataloss
> >>
> >> Tenable Network Security offers data leakage and compliance monitoring
> >> solutions for large and small networks. Scan your network and monitor your
> >> traffic to find the data needing protection before it leaks out!
> >> http://www.tenablesecurity.com/products/compliance.shtml
> >>