Indiana's Breach Law
(Posted by cwalsh)
Indiana's breach notification law went into effect on July 1, 2006. An excerpt relevant the "lost laptop" phenomenon:
Sec. 2. (a) As used in this chapter, "breach of the security of the system"
means unauthorized acquisition of computerized data that compromises the security,
confidentiality, or integrity of personal information maintained by a state or
local agency.
(b) The term does not include the following:
(1) Good faith acquisition of personal information by an agency or
employee of the agency for purposes of the agency, if the personal information
is not used or subject to further unauthorized disclosure.
(2) Unauthorized acquisition of a portable electronic device on
which personal information is stored if access to the device is protected
by a password that has not been disclosed.
Bookmark this post: Posted by cwalsh on July 29, 2006 at 6:07 PM
in breach analysis
. You can:
comment, view comments (1),
see trackbacks (0) or
search Technorati.
Comments
If I read this right, according to point (2) an undisclosed Windows password is considered sufficient protection?
If so, Knoppix and F.I.R.E say hello.
Posted by: Lyger | July 30, 2006 5:42 PM