Yesterday I posted a link to my quick reference list of breach notice laws.
I created that document at the beginning of this month, and Doug Markiewicz told me today in a comment to that post that there are two additional laws, one signed since I created my most recent list; thanks Doug!
The Iowa breach notice law, S.F. 2308, was signed by Governor Culver May 10, 2008.
And it’s about time Iowa got a breach notice law on the books!
I had missed West Virginia; Governor Manchin III signed S.B. 340 into law on March 27. Darn…missed that one!
I’ll get my U.S. breach notice laws quick reference document updated and posted within the next week!
As Doug indicated in his comment, the National Conference of State Legislatures has a list of the state laws, along with links to the regulatory text.
As my next enhancement to my quick reference listing, I’m now leaning towards providing the definitions of personal information (personally identifiable information, or PII) from each of the laws, and/or the time requirements for sending any necessary notifications. I’ve been hearing from CISOs and CPOs that those are two issues that they’d like to get quick information about.
There are some international breach notice law proposals poised to be signed into law in the near future…I will add those to my quick reference as well when I am aware of them.