[Dataloss] Fw: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)

Chris Walsh chris at cwalsh.org
Sat Jun 7 01:53:08 UTC 2008


The NY law does not consider encrypted information, regardless of its nature, to be private information as long as the encryption key remains protected.  The law requires notification when private information  has been or is reasonably believed to have been acquired by an unauthorized person.

(b) "Private information" shall mean personal information consisting of any information in
combination with any one or more of the following data elements, when either the
personal information or the data element is not encrypted, or encrypted with an
encryption key that has also been acquired

www.cscic.state.ny.us/lib/laws/documents/899-aa.pdf

I find it interesting that many of the various parties whose information was exposed have been identified not by BONY, or by any NY regulator, but by the *Connecticut* AG's office.


On Jun 6, 2008, at 6:34 PM, Mitch Tanenbaum - MC wrote:

Second, some states like NY, do do not have an encryption exclusion at all.




More information about the Dataloss mailing list