<html>
<body>
<font size=3>NY just enacted legislation to that effect.<br><br>
<br>
At 20:02 2/1/2006, you wrote:<br><br>
<blockquote type=cite class=cite cite="">It was a great idea to start
this list!<br><br>
Maybe someone can help me.<br>
I have been looking for a complete list of security breach
disclosures.<br>
While its nice to have different lists of high profile disclosures<br>
what would be interesting would be find out how many total
disclosures<br>
and the distributions of size and type. The SB-1386 law in
California<br>
requires companies to contact customers affected by breaches. I
checked<br>
with the California Attorney General's Office and there are no
government<br>
records being kept there since companies are not required to contact
any<br>
government entity. The papers report the high profile breaches --
basing<br>
any analysis on the media coverage would be skewed.<br><br>
Are there any states require public reporting of breaches?<br><br>
Since other states are modeling security breach laws after<br>
California's SB 1386 it would be great if somehow there could be a
public<br>
reporting element added to these laws so data on all breaches can be<br>
collected and analyzed for fixing the right problems.<br><br>
Cheers! - Bill Yurcik/NCSA University of Illinois<br>
<byurcik@ncsa.uiuc.edu><br><br>
<br>
_______________________________________________<br>
Dataloss mailing list<br>
Dataloss@attrition.org<br>
<a href="https://attrition.org/mailman/listinfo/dataloss" eudora="autourl">
https://attrition.org/mailman/listinfo/dataloss</a></font></blockquote>
</body>
</html>