Penetration Testing mailing list archives

Fwd: South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 30 Jun 2009 16:41:27 -0400

From the folks at Attrition and the Dataloss DB.

The other 44 states and territories can be found at
http://www.ncsl.org/?tabid=13481.

---------- Forwarded message ----------
From: security curmudgeon <jericho () attrition org>
Date: Tue, Jun 30, 2009 at 2:45 AM
Subject: South Carolina & Alaska Privacy Breach Notice Laws Go Into
Effect July 1
To: dataloss-discuss () datalossdb org, dataloss () datalossdb org

http://www.realtime-itcompliance.com/laws_regulations/2009/06/south_carolina_alaska_privacy.htm

South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1

This week two more U.S. breach notice laws go into effect...

1. Most of South Carolina's Financial Identity Fraud and Identity Theft
Protection Act went into effect in December 2008. However, Section 4.A and
Section 7.A, which cover identity theft and security breach notification,
are going into effect on July 1, 2009.

A few interesting notes about this law:


    * It has a civil penalty of $1,000 per resident affected by the breach
for entities who 'knowingly and wilfully' violate the notification
requirements.

    * It does not specify a maximum amount for the total penalty. Most
other U.S. state and territory breach notice laws have penalty caps.

    * If the number of residents affected exceeds 1,000, entities also
have to notify the Department of Consumer Affairs.

2. Alaska's Personal Information Protection Act goes into effect on July
1, 2009.

A violation of this law could result in a penalty of up to $500 for each
resident whose information was compromised by the breach, with the maximum
amount set at $50,000.


Among other requirements, both of these laws require:

    * That businesses who possess ('own' or license) the personal
information of residents of the states to notify a breach of security to
every resident whose personal information was affected.
    * Breach notification must be made within the 'most expedient time
possible and without reasonable delay'.

[SNIP]
