[Dshield] [Fwd: new law concerning theft of personal info]
Johannes B. Ullrich
jullrich at sans.org
Fri Jun 6 00:22:08 GMT 2003
Posted for: Andy Stevko
New CA law requires disclosure of security breach with possible theft of
unencrypted personal information.
Effective July 1st.
1798.82. (a) Any person or business that conducts business in California,
and that owns or licenses computerized data that includes personal
information, shall disclose any breach of the security of the system following
discovery or notification of the breach in the security of the data to any
resident of California whose unencrypted personal information was, or is
reasonably believed to have been, acquired by an unauthorized person. The
disclosure shall be made in the most expedient time possible and without
unreasonable delay, consistent with the legitimate needs of law enforcement,
as provided in subdivision (c), or any measures necessary to determine the
scope of the breach and restore the reasonable integrity of the data system.
"An unfortunate side-effect of most arrangements is to
ensure that accidents don't happen. The beauty of
collective improvisation is that accidents will happen."