<div>Spot on, in my opinion. It is not always what it is...but what is seems to be. perception is reality... etc, etc.</div>
<div> </div>
<div>That is why this entire topic needs to become as publicized as possible. The more people like us continue to create awareness around the loopholes and caveats of the laws that are out, the better.</div>
<div> </div>
<div>Just like most things in life, it seems that the real fight, and progress to be made in all of this, is much faster on the legal front...as opposed to the technical front.</div>
<div> </div>
<div>MD<br><br> </div>
<div><span class="gmail_quote">On 1/10/07, <b class="gmail_sendername">Donald Aplin</b> <<a href="mailto:DAplin@bna.com">DAplin@bna.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">The vast majority of the 34 state-enacted data breach<br>consumer notification laws only require notice if there is
<br>a breach of unencrypted data. A few of the newer ones added<br>that it's still a covered breach if the encryption key goes<br>missing at the same time encrypted data is lost. Perhaps<br>more important are the risk of harm threshold provisions in
<br>many of the laws which do not require notification if after<br>a "reasonable" investigation by the covered entity there is<br>a determination that there was no actual damage or any<br>reasonable risk of future harm done by the breach (this is
<br>consistent with the court examinations of breaches in which<br>they pretty much uniformly do not consider the threat of<br>potential ID theft to be actual damages). In short, the fox<br>gets to guard the henhouse.<br>
<br>Donald G. Aplin<br>Legal Editor<br>BNA's Privacy & Security Law Report<br>(202) 452-4688<br><br>_______________________________________________<br>Dataloss Mailing List (<a href="mailto:dataloss@attrition.org">
dataloss@attrition.org</a>)<br><a href="http://attrition.org/dataloss">http://attrition.org/dataloss</a><br>Tracking more than 143 million compromised records in 530 incidents over 7 years.<br><br><br></blockquote></div><br>