California disclosure law has national reach
Kevin Poulsen, SecurityFocus 2003-01-06

A new California law requiring companies to notify their customers of computer security breaches applies to any online business that counts Californians as customers, even if the company isn't based in the Golden State.

California disclosure law has national reach 2003-01-07
Midridth (1 replies)
re: California disclosure law has national reach 2003-01-07
Keydet89 (at) yahoo (dot) com [email concealed] (1 replies)
re: California disclosure law has national reach 2003-01-08
Anonymous
I completely agree with you...the crux of the matter is truly what constitutes "knowledge". IMHO, the standard should be whether or not the entity should have knowledge of the compromise based upon industry standards and common practices. Companies that fail to review logs (or, even worse, don't log) or fail to implement NIDS or HIDS to identify potential compromises shouldn't be given a "free pass" by this law...they should be treated as if they knew about the compromise but failed to disclose it if it is reasonable to believe that these common practices would have alerted them to the compromise. This would at the very least counteract the negative impact this could have on security advocacy within companies.

California disclosure law has national reach 2003-01-08
Ajay Gupta, CISSP
California disclosure law has national reach 2003-01-08
Anonymous (2 replies)
Interstate Law 2003-01-09
Ryan C
Copyright 2009, SecurityFocus