[Dshield] Mandatory Disclosure of Data Loss Laws

Roger A. Grimes roger at banneretcs.com
Tue Aug 15 23:20:36 GMT 2006

At least 20 states have similar laws. There are multiple competing
federal bills under consideration. All are weaker than the California
law, all supersede strong state laws, and all appear to be co-written by
the very businesses they appear to regulate. Any surprise?

You can read my (and Ed Foster's) articles on www.infoworld.com
regarding the subject. SANS Newsbyte has covered the problem in at least
two issues over the last few months.


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Shawn Cox
Sent: Monday, August 14, 2006 3:33 PM
To: 'General DShield Discussion List'
Subject: [Dshield] Mandatory Disclosure of Data Loss Laws

Is California still the only State to have laws on the books which
require companies who lose private data to notify the owners of said

I thought there was some discussion of federal level laws on this
subject, but I am unable to find the data at this time.

We are currently in the process of updating our internal security
policies and need to know if we stay with our current voluntary policy
or shift gears to anticipate required notification which requires more or
less of our current policy.


