State Law Inventory
An Assist for Your Incident Response Team . . .
To be Used for Incidents!
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
I want to circle back around to an article written by Matt Jolley CISA, our resident researcher, who spent months compiling an inventory of state and breach laws for each of the 50 states. What you need to realize, if you are a bank or credit union, is that you may not have to follow the law of your state regarding breach notifications; but if you do have one resident in any other state you should be able to quickly research that law and thus, Matt compiled a list of all 50 states and the laws that you as a bank or credit union must comply with if you have members of customers living in these states.
Most of these laws include a provision that establishes that financial institutions who are already in compliance with federal regulations are exempt from the breach notification parts of the state law. Not all states make this provision and therefore when there is a breach you will need to inventory your customer base and compare it to the laws for the states in which your customers live. Let’s face it, we all should download the Florida law, possibly the Arizona law, and if we have a college in our community we may have to be familiar with all 50 State Laws. And thus we are proud of Matt’s work.
Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex
Dans New Leaf is a fun blog to inspire thought in the area of IT Governance.