[Dshield] Mandatory Disclosure of Data Loss Laws
warwick7th at gmail.com
Wed Aug 16 11:42:34 GMT 2006
Yeah, getting our friends in DC involved with this kind of legislation
is a nightmare waiting to happen but, frankly, in this political
climate I don't see anything serious or worthwhile coming out of DC
any time soon.
I think California has the best approach(did I just say that??).
Their law is customer\citizen centric. One of my clients was bitten
by this. Their legal department tried and tried to wriggle out from
under the California law but simply could not. Their level of
exposure was relatively small compared to that of, say, the VA but
still, the cost of printing the letters, handling, postage, etc was
not a trivial expense.
This is really a State issue I think. The feds could wrap it around
the interstate commerce notion and the 14th Amendment but the
enforcement of such a law from the federal side would be a problem. I
think there's a slippery slope here as well. From a purely selfish
standpoint, I'm not sure I like the idea of giving the feds ANY kind
of regulatory position on the Net. They are hungry to get their
collective pockets lined with "Internet Money(tm)" already.
Encouraging this kind of legislation is just one more step toward
another "use tax".
On 8/14/06, Shawn Cox <shawn.cox at pcca.com> wrote:
> Is California still the only State to have laws on the books which require
> companies who lose private data to notify the owners of said data?
> I thought there was some discussion of federal level laws on this subject,
> but I am unable to find the data at this time.
> We are currently in the process of updating our internal security policies
> and need to know if we stay with our current voluntary policy or shift gears
> to anticipate required notification which require more or less of our
> current policy.
> SANS Network Security 2006 - Las Vegas NV October 1st-9th.
> Wide selection of 1-6 Day Courses. Top Instructors!
> Details: isc.sans.org/clickcount.php?ad=1
> (use Brochurcode "ISC")
> "Best IT Security return on Investment" (Mario Chiock, Schlumberger)
Don't tread on me
More information about the list