BreachExchange mailing list archives
Re: complete/official list of security breach disclosures
From: David Kovarik <david-kovarik () northwestern edu>
Date: Wed, 01 Feb 2006 19:42:20 -0600
Bill - Illinois has law similar to CA's, the Personal Information Protection Act of 2005. Passed in June, 2005, effective Jan 01, 2006. There is no "public reporting" measure. I'm not entirely sure that I'd want to go public in those instances where data was compromised, but I can see value in sharing the information with other institutions. Last place I worked (bank), we had a system whereby info was first sanitized then exchanged. - Dave David (Dave) Kovarik, CISM, CISSP Director of Information and Systems Security/Compliance Northwestern University/Information Technology 1800 Sherman, Suite 209 Evanston, IL 60201-3883 Office: (847) 467-5930 At 07:02 PM 2/1/2006, Bill Yurcik wrote:
It was a great idea to start this list!
Maybe someone can help me.
I have been looking for a complete list of security breach disclosures.
While its nice to have different lists of high profile disclosures
what would be interesting would be find out how many total disclosures
and the distributions of size and type. The SB-1386 law in California
requires companies to contact customers affected by breaches. I checked
with the California Attorney General's Office and there are no government
records being kept there since companies are not required to contact any
government entity. The papers report the high profile breaches -- basing
any analysis on the media coverage would be skewed.
Are there any states require public reporting of breaches?
Since other states are modeling security breach laws after
California's SB 1386 it would be great if somehow there could be a public
reporting element added to these laws so data on all breaches can be
collected and analyzed for fixing the right problems.
Cheers! - Bill Yurcik/NCSA University of Illinois
<byurcik () ncsa uiuc edu>
_______________________________________________
Dataloss mailing list
Dataloss () attrition org
https://attrition.org/mailman/listinfo/dataloss
_______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- Colorado Tech University, 12/16/05 lyger (Feb 01)
- complete/official list of security breach disclosures Bill Yurcik (Feb 01)
- Re: complete/official list of security breach disclosures security curmudgeon (Feb 01)
- Re: complete/official list of security breach disclosures Nick Lewis (Feb 01)
- Re: complete/official list of security breach disclosures Saundra Kae Rubel (Feb 01)
- Re: complete/official list of security breach disclosures lyger (Feb 01)
- Re: complete/official list of security breach disclosures security curmudgeon (Feb 01)
- Message not available
- Re: complete/official list of security breach disclosures David Kovarik (Feb 01)
- complete/official list of security breach disclosures Bill Yurcik (Feb 01)
- Re: complete/official list of security breach disclosures Adam Shostack (Feb 01)
- Message not available
- Re: complete/official list of security breach disclosures blitz (Feb 01)