Shostack + Friends Blog Archive


Disclosure Laws, Redux

i-see-you!.jpgIn responding to Lyal Collins’ comment on my “Disclosure Laws” post, I went and read the Rhode Island
Identity Theft Protection act of 2005
(H6191). A couple of things occured to me. First, the National Conference of State Legislatures has a great list of Security Breach Legislation. Second, and perhaps more important, I don’t see a “hacking appeared limited” exemption in the law. (I did, however, see it in this Times-Argus story, attributed to Beverly Najarian.) I do see a “most expedient time possible” clause, which fortunately has a delay available to “restore the reasonable integrity of the data system.” If it was not for that, the government of Rhode Island might well have been the first to break the new law protecting their citizens.

(Chris Walsh reminded me of the breach legislation page, and Monody took the Peek-a-boo picture.)