[Dataloss] Reporting Dataloss
Al Mac Wheel
macwheel99 at wowway.com
Sun May 4 00:51:52 UTC 2008
For most of the laws, it matters not where the data was located (MD), it
matters where the people located whose identities put at risk (KY), but as
a practical matter, if the vendor was outside the USA, it would be more
difficult to get legal action.
If it is a crime in one nation, but not a crime in another nation, then
extradition, enforcement, etc, can be impractical.
It also matters what kind of entity was responsible for safeguarding the data.
Most of the laws are directed against private corporations, not against
government agencies, non-profits, private persons.
According to this site http://www.pirg.org/consumer/credit/statelaws.htm
in Kentucky, you have to wait until you have been victimized by ID theft,
then you get some help after the fact.
http://www.lrc.ky.gov/record/06RS/HB54.htm but it only applies to certain
kinds of ID theft, such as credit fraud.
Similarly, the people protected are customers, or credit consumers, not
students.
Exempting financial institutions kind of defeats the purpose of the
Kentucky law.
In fact, nationwiide, children in school are not considered to have the
kinds of consitutional rights that adult citizens enjoy.
>The state is KY.
>
>I believe the vendor (and thus the location of the breach) was in MD,
>which complicates things a little more.
More information about the Dataloss
mailing list