Penetration Testing mailing list archives
Fwd: South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 30 Jun 2009 16:41:27 -0400
From the folks at Attrition and the Dataloss DB.
The other 44 sates and terrirories can be found at http://www.ncsl.org/?tabid=13481. ---------- Forwarded message ---------- From: security curmudgeon <jericho () attrition org> Date: Tue, Jun 30, 2009 at 2:45 AM Subject: South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1 To: dataloss-discuss () datalossdb org, dataloss () datalossdb org http://www.realtime-itcompliance.com/laws_regulations/2009/06/south_carolina_alaska_privacy.htm South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1 This week two more U.S. breach notice laws go into effect... 1. Most of South Carolina's Financial Identity Fraud and Identity Theft Protection Act went into effect in December 2008. However, Section 4.A and Section 7.A, which cover identity theft and security breach notification, are going into effect on July 1, 2009. A few interesting notes about this law: * It has a civil penalty of $1,000 per resident affected by the breach for entities who 'knowingly and wilfully' violate the notification requirements. * It does not specify a maximum amount for the total penalty. Most other U.S. state and territory breach notice laws have penalty caps. * If the number of residents affected exceeds 1,000, entities also have to notify the Department of Consumer Affairs. 2. Alaska's Personal Information Protection Act goes into effect no July 1, 2009. A violation of this law could result in a penalty of up to $500 for each resident whose information was compromised by the breach, with the maximum amount set at $50,000. Among other requirements, both of these laws require: * That businesses who posses ('own' or license) the personal information of residents of the states to notify a breach of security to every resident whose personal information was affected. * Breach notification must be made within the 'most expedient time possible and without reasonable delay'. [SNIP] ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Fwd: South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1 Jeffrey Walton (Jun 30)