Shostack + Friends Blog Archive

Here's to you, New York…

From New York’s Information Security Breach and Notification Act:

7. (A) IN THE EVENT THAT ANY NEW YORK RESIDENTS ARE TO BE NOTIFIED AT
ONE TIME, THE PERSON OR BUSINESS SHALL NOTIFY THE STATE ATTORNEY GENER-
AL, THE CONSUMER PROTECTION BOARD, AND THE STATE OFFICE OF CYBER SECURI-
TY AND CRITICAL INFRASTRUCTURE COORDINATION AS TO THE TIMING, CONTENT
AND DISTRIBUTION OF THE NOTICES AND APPROXIMATE NUMBER OF AFFECTED
PERSONS. SUCH NOTICE SHALL BE MADE WITHOUT DELAYING NOTICE TO AFFECTED
NEW YORK RESIDENTS.

(bold mine, caps in original)
Would that every state’s breach disclosure law had such a central reporting requirement. As Emil Faber memorably put it, “Knowledge is good”.

Originally published by cwalsh on 19 Oct 2005
Last modified on 19 Oct 2005
Categories:   Current Events   information security   Uncategorized