Melissa Daniels reports: Back in 2007, the theft of several state computers jeopardized the personal information of as many as 400,000 Pennsylvanians. Desktop computers from the Department of Public Welfare were taken from offices in Harrisburg and Philadelphia. Then, a laptop issued to the Department of Aging was stolen from a private residence. There’s no telling what someone might…
Category: State/Local
Bill advances to help prevent state data breaches
Sometimes the personal connection to a breach does get legislators off the dime. Lee Davidson reports: The wife of Sen. Stuart Reid, R-Ogden, was among 780,000 victims of a Utah health data security breach last March. On Wednesday, Reid passed through the Senate a bill designed to help prevent such breaches in the future. SB20,…
State Privacy Laws Evolve While Congress Remains Stalemated
New legislation governing data breaches and privacy issues is popping up in states across the country. Most recently, Connecticut, Vermont, and Illinois have enacted new laws in these areas. You can find a nice summary of the three new laws on CyberInquirer. Image credit: “Chessman” © Saimnadir | Dreamstime.com
Old law puts school data at risk
Susan Palmer reports: An obscure state regulation — one that requires districts to keep student records for decades — is one reason several thousand Eugene School District students are at risk of having their Social Security numbers hijacked following a security breach of the district’s electronic records. School districts must retain student records for 75…
Vermont Updates Data Breach Notification Law
Cynthia Larose and Amy Malone describe recent changes to Vermont’s law that strengthens some consumer protections: Effective as of May 8, 2012, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must…
OH: Legislation proposal would require online security breaches to be reported
Jim Siegel reports that Rep. John Patrick Carney is planning to introduce a law requiring state agencies, businesses, and institutions to report any database security breach to the Ohio attorney general’s office if any Ohio resident’s personal information was accessed. Notification would have to be made within 40 days of discovery of a breach. Ohio…