[Dataloss] A data security breach legislation question

Rob Shavell slvrspoon at gmail.com
Wed Mar 12 12:30:23 UTC 2008


hi all,
the question i have around US data breach notification legislation is this:

"why are we counting states?"

if most legislation applies to affected record-holders if they are
residents and 95% of breaches already either happen in a state with a
law or include records of persons residing in such states, then...
hasn't this basically become a necessity?

in other words, organizations had better just notify to be in compliance.

following from this: what is the importance to an organization of
reading through particulars of state by state legislation when they
can just follow California, notify everyone, and be in compliance?

bonus question: in your opinion, why are so many companies choosing to
include credit monitoring services for those affected? a) altruism b)
just not that costly c) concern about downstream lawsuits d) ?

rgds,
rob




On 10/03/2008, Susan Orr <susan at susanorrconsulting.com> wrote:
> I was just looking at the various states the other day, and there are
>  some differences - some exempt encrypted information, some exclude
>  financial institutions and others that are covered under other existing
>  federal and state laws like GLBA.  One state, I believe, exempts "state
>  agencies", Oklahoma I think.
>
>  Didn't know it was up to 40, last I saw was 38.  I'll have to check it
>  out, thanks.
>
>
>  Rebecca Herold wrote:
>  > Counting the District of Columbia, as of the end of October it was 40; see
>  > http://www.privacyguidance.com/files/statebreachnotificationlaws10.19.07.pdf
>  >
>  > Best regards,
>  >
>  > Rebecca Herold
>  > ----- Original Message -----
>  > From: "Kalter, Sarah " <skalter at affiniongroup.com>
>  > To: "lyger" <lyger at attrition.org>; <dataloss at attrition.org>
>  > Sent: Monday, March 10, 2008 10:07 AM
>  > Subject: [Dataloss] A data security breach legislation question
>  >
>  >
>  >
>  >> Hi All,
>  >>
>  >> Does anyone happen to know how many states have enacted data security
>  >> breach laws/legislation? And if so, which states?
>  >>
>  >> Thank you so much!
>  >>
>  >> Best,
>  >> Sarah
>  >> _______________________________________________
>  >> Dataloss Mailing List (dataloss at attrition.org)
>  >> http://attrition.org/dataloss
>  >>
>  >> Tenable Network Security offers data leakage and compliance monitoring
>  >> solutions for large and small networks. Scan your network and monitor your
>  >> traffic to find the data needing protection before it leaks out!
>  >> http://www.tenablesecurity.com/products/compliance.shtml
>  >>
>  >
>
