The Laboratories of Democracy in Action
Chris emailed me a bit before Christmas with a link to the new “New York State Security Breach Reporting Form.” [link to http://www.oag.state.ny.us/consumer/tips/securitybreachReportForm.pdf no longer works] How could we withhold this exciting news? I wanted to wait until people were back from vacation, so they didn’t miss it. The form is important because it’s starting to ask for more data. There’s a section to describe the breach:
Description of Breach (please select all that apply): [ ]Hacking incident; [ ]Inadvertent disclosure;
[ ]Stolen computer, CD, tape, etc; [ ]Lost computer, CD, tape, etc; [ ]Insider wrongdoing;
[ ] other (specify):_______________________________________________ [Attach additional description if necessary]
mmm, “attach additional description if necessary.” It’s a far cry from earlier “a general description of what happened.” That was what Ontario was asking for at the start of this year. New York’s “if necessary” could go, requiring additional descriptions. I’d love to read those, and I look forward to it.
I can be optimistic because States, and their attorneys general, are going to compete to best protect their citizens. As they’ve competed, the sky hasn’t fallen. Even at TJX, with the biggest disclosed commercial breach in the US so far, sales were up.
I love the emergent chaos of breach laws, and I look forward to lots more in the New Year.
My eyes lit up when I saw that they are now also requiring companies to reveal the total number of persons affected and not just the number of NYS residents. Yay…