From Arizona to Wyoming: An Inventory of State Laws
What do you need to be compliant in your state?
An article review.
One subprocess of incident response that many of our banking Clients are currently wrestling with is how to address customers living in “other states.” If we’re on the border between Indiana and Ohio, we already know the laws of these two states and have incorporated them into our incident response plans (and fortunately, both states exempt banks from compliance). But what if we have one customer who resides in Florida? Alaska? Rhode Island?
We have found an inventory of state laws that seems to be rather current. It is actually a subset of a larger guidance document about FERPA, something our school Clients are concerned with, so we have excerpted just the inventory for our bank Clients:
Indiana: HB 1003 – Requires compliance with FERPA and implements a data security plan including breach, retention and disposition procedures.
Illinois: SB 887, SB 1796 – Prohibits providing personally identifiable information on individual students, except in specific cases as specified by FERPA.
Kentucky: HB 232 – Requires notification of any breach of personally identifiable information, limits data storage in the cloud and prohibits use of student data for advertising or other commercial purposes.
Ohio: HB 487 – Requires annual reporting of breach-related incidents, safeguards for confidentiality and allows for sanctions against districts that fail to protect personally identifiable information.
Wondering about the laws for a different state? You can check out the entire list here.