State Laws

A service to the community.

Our Mission.

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .

It’s been a long week, and it’s only Wednesday.  Bryan is due back from a well-deserved vacation, and I just know he’s going to ask for my next Dan’s New Leaf article.  Once again, I’m struggling again to come up with a topic.    I need to remember to ask a few Clients what they want me to write about.   In the background I hear the TV playing in the other room of my Study Barn.  Then I hear the words, “state law.”

When there is an incident at a community bank, one of the first steps after containment is to determine, through a well-designed process, if customers need to be notified, for their own protection.  While most banks are keen to notify customers based on safety, they still need to keep their eyes on two sets of laws – the federal law, and state laws.  Fortunately for banks, the federal government has spelled out a rather detailed process for responding to incidents.  But during an incident, banks also need to check the state laws covering all of the customers in their database.  It can be a daunting task to complete, given that most banks have customers from many states, especially when we’re all in a panic.

Sometimes we can offload this to our attorneys, but a lot of times we want to know what the laws are before hearing back from the attorneys.   Meanwhile, there needs to be a check of state law when we’re practicing response during our incident response exercises.

— Here’s where I get proud. —

If you go to our running library of state law links, a rundown of the 50 state-laws that banks may need to check during an incident, you will see how much our team wants to make information readily available to our Clients.   This page is not easy to keep updated. 

Our current CyberPoet Recipient, Matt Jolley, has been overseeing the research since 2017.  He actually compiled the first list as a solo article, not knowing our Clients would love it and want him to update it annually!  But we take a team approach to everything, and so I’m sure that a new employee or two now has a good understanding of how to find state laws related to cybersecurity incident response.

We offer these types of educational materials and resources – not only to our Clients, but to the community at-large – all in an attempt to empower you to manage technology risk.  That’s our mission.  Actually, our mission statement, written in the year 2000 and updated in 2019, is that “We maintain a growing and stable culture by empowering organizations to manage technology risk.”

It’s great to see Matt Jolley and our entire team taking steps on a day-to-day basis that can be traced directly back to our mission.

So, feel free to visit, or, or, or any of our other amazing free resources.

And enjoy!

Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex

Dan’s New Leaf – a fun blog to inspire thought in  IT Governance.

Audit & Assessment

Policies & Procedure Development

Endpoint Detection and Response

Managed SIEM

Consulting Services

Network Monitoring

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to! We even made a movie with all the reasons why infotex...

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...

“Cooked Turkey” – Awareness Poster

Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers!Check out for...