Security Bytes

Jun 14 2007   1:30PM GMT

New Hampshire posts treasure trove of security breach documents

David Schneier David Schneier Profile: David Schneier

There are a few states that demand that organizations that suffer security breaches that compromise customer data report those incidents to the state as well as the affected individuals. One of those forward-thinking states is New Hampshire, and the state’ has gone a step further and decided to post to its Department of Justice Web site all of the notification letters it receives. The archive only goes back to November 2006 right now and includes a few dozen entries, but that will grow as more companies are breached.

This is the next logical step in the process of getting consumers as much information as possible about these security lapses. After all, it’s their data that’s at risk, so they’re entitled to whatever information is available. Chris Walsh, who contributes regularly to Adam Shostack’s indispensable Emergent Chaos blog, has been following state data theft disclosures and has put together a slick diagram using data on breach notifications in New York and North Carolina, showing how breaches in one locale affect people in others. It will be interesting to see whether other states adopt this same practice and what, if any, effect it has on the way consumers and the reporting companies treat these incidents.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: