[Dataloss] Reporting Dataloss
Sasha Romanosky
sromanos at andrew.cmu.edu
Sat May 3 23:48:39 UTC 2008
By my records, and that of state legislator website, Kentucky does not have
a breach law: http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm (as
of may 1, 2008). That being said, Chris Walsh's suggestions seem reasonable.
cheers,
sasha
________________________________
From: Aaron Allen [mailto:aaron at trifault.net]
Sent: Saturday, May 03, 2008 7:18 PM
To: Sasha Romanosky
Cc: dataloss at attrition.org
Subject: Re: [Dataloss] Reporting Dataloss
It was indeed the FTC and not the FCC. Too many TLAs in the
government, sorry about that :)
The state is KY.
The superintendent of the school is aware of the issue, and to be
fair, it was actually the vendor that leaked the information (now, whether
or not the vendor should have had the information is another question
entirely). I believe the vendor (and thus the location of the breach) was
in MD, which complicates things a little more. The data was available in
"sample reports" that were publicly available on the vendor's website
(easily googled). There were certainly not hidden or obscured in anyway
whatsoever.
More information about the Dataloss
mailing list