[Dataloss] complete/official list of security breach disclosures
David Kovarik
david-kovarik at northwestern.edu
Wed Feb 1 20:42:20 EST 2006
Bill -
Illinois has law similar to CA's, the Personal Information Protection Act of 2005.
Passed in June, 2005, effective Jan 01, 2006.
There is no "public reporting" measure. I'm not entirely sure that I'd want to go
public in those instances where data was compromised, but I can see value in
sharing the information with other institutions. Last place I worked (bank), we
had a system whereby info was first sanitized then exchanged.
- Dave
David (Dave) Kovarik, CISM, CISSP
Director of Information and Systems Security/Compliance
Northwestern University/Information Technology
1800 Sherman, Suite 209
Evanston, IL 60201-3883
Office: (847) 467-5930
At 07:02 PM 2/1/2006, Bill Yurcik wrote:
>It was a great idea to start this list!
>
>Maybe someone can help me.
>I have been looking for a complete list of security breach disclosures.
>While its nice to have different lists of high profile disclosures
>what would be interesting would be find out how many total disclosures
>and the distributions of size and type. The SB-1386 law in California
>requires companies to contact customers affected by breaches. I checked
>with the California Attorney General's Office and there are no government
>records being kept there since companies are not required to contact any
>government entity. The papers report the high profile breaches -- basing
>any analysis on the media coverage would be skewed.
>
>Are there any states require public reporting of breaches?
>
>Since other states are modeling security breach laws after
>California's SB 1386 it would be great if somehow there could be a public
>reporting element added to these laws so data on all breaches can be
>collected and analyzed for fixing the right problems.
>
>Cheers! - Bill Yurcik/NCSA University of Illinois
> <byurcik at ncsa.uiuc.edu>
>
>
>_______________________________________________
>Dataloss mailing list
>Dataloss at attrition.org
>https://attrition.org/mailman/listinfo/dataloss
More information about the Dataloss
mailing list