Educause Security Discussion mailing list archives
Re: Pre-Breach Requirements - 18 States
From: Dan Han/HSC/VCU <s2dhan () VCU EDU>
Date: Tue, 12 Jul 2011 17:35:13 -0400
For now, our take is that we have to comply only with only our State laws, in addition to the Federal and industry regulations, etc. I am not sure if a State can impose its laws on another State. I am interested to see how the Mass. law holds up in court though. It may set a precedence... Dan Han Virginia Commonwealth University From: Steve Bohrer <skbohrer () SIMONS-ROCK EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Date: 07/09/2011 03:54 AM Subject: Re: [SECURITY] Pre-Breach Requirements - 18 States Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On 7/8/2011 12:11 PM, Rosenthal, Jane E. wrote: Hi Cliff, Can you tell me if your attorneys have determined that you have to comply with all 50 (or 46) state requirements rather than merely your own state? This has been a discussion here and I’m interested in what EDUs are thinking on this. Jane FWIW, the Mass data breech regulations claim to apply to anyone who has data about Mass residents: "The provisions of this regulation apply to all persons that own or license personal information about a resident of the Commonwealth." (from http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf ) Thus, if you have any students from MA, our regs may apply. I'm not sure how much that idea has been tested (seems kinda unfair that Mass Legislature can set rules for "all persons" everywhere), but if it holds up and if other states follow suit, seems that most EDUs will need to be prepared to deal with many state laws. (We definitely have to follow at least the MA regs, because it's our home turf, but I'm not sure how many additional state's regulations to watch out for.) Steve Bohrer Network Admin, Bard College at Simon's Rock
Current thread:
- Pre-Breach Requirements - 18 States Clifford Collins (Jul 06)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)
- Re: Pre-Breach Requirements - 18 States SCHALIP, MICHAEL (Jul 06)
- Re: Pre-Breach Requirements - 18 States Doug Markiewicz (Jul 08)
- <Possible follow-ups>
- Re: Pre-Breach Requirements - 18 States Dexter Caldwell (Jul 06)
- Re: Pre-Breach Requirements - 18 States Rosenthal, Jane E. (Jul 08)
- Re: Pre-Breach Requirements - 18 States Clifford Collins (Jul 08)
- Re: Pre-Breach Requirements - 18 States Steve Bohrer (Jul 09)
- Re: Pre-Breach Requirements - 18 States Dan Han/HSC/VCU (Jul 12)
- Re: Pre-Breach Requirements - 18 States Allison F Dolan (Jul 09)
- Re: Pre-Breach Requirements - 18 States Jack Suess (Jul 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 09)
- Re: Pre-Breach Requirements - 18 States j.price (Aug 02)
- Re: Pre-Breach Requirements - 18 States Irish, Adrian L (Aug 02)
- Re: Pre-Breach Requirements - 18 States David C Kovarik (Aug 03)
- Re: Pre-Breach Requirements - 18 States Solem, Vik P. (Jul 06)