|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Chris Walsh (chris
cwalsh.org)
Date: Fri Jun 06 2008 - 20:53:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The NY law does not consider encrypted information, regardless of its nature, to be private information as long as the encryption key remains protected. The law requires notification when private information has been or is reasonably believed to have been acquired by an unauthorized person.
(b) "Private information" shall mean personal information consisting of any information in
combination with any one or more of the following data elements, when either the
personal information or the data element is not encrypted, or encrypted with an
encryption key that has also been acquired
www.cscic.state.ny.us/lib/laws/documents/899-aa.pdf
I find it interesting that many of the various parties whose information was exposed have been identified not by BONY, or by any NY regulator, but by the *Connecticut* AG's office.
On Jun 6, 2008, at 6:34 PM, Mitch Tanenbaum - MC wrote:
Second, some states like NY, do do not have an encryption exclusion at all.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]