BreachExchange mailing list archives
Incidents that may have been exempt from H.R. 2221 were it law during the incident
From: David Shettler <dave () opensecurityfoundation org>
Date: Thu, 10 Dec 2009 11:11:09 -0500
http://datalossdb.org/index/not_covered_by_hr2221 The incidents on the above linked page would not have fallen under the jurisdiction of the FTC were H.R. 2221 law and in effect at the time of these breaches. You can read more about our analysis of H.R. 2221 here, but to summarize: The FTC would not have jurisdiction over: * Banks * Savings and Loan * Thrifts * The Insurance Industry * Non-Profits (including Education) ...and possibly more. These groups represent a significant percentage of the DataLossDB database. NOTE: These results are imperfect. Some companies are large and have many subsidiaries in differing industries making it difficult to isolate via a simple search query, but for the most part, this should be an interesting reflection of what the bill might miss. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Incidents that may have been exempt from H.R. 2221 were it law during the incident David Shettler (Dec 10)