Which edition? (second)
Chapter title: Security Policy
Page number: 303
I found something... (mark with an X)
[X] Obsolete that should be updated in the new edition
[ ] Unclear and should be clarified
[ ] Too brief and should be expanded with more detail
[ ] Incorrect or a general bug
Describe the issue:
Data breach disclosure laws have been rapidly enacted in various states as well
as in the EU in response to the increasing number of data breaches. A section
should be added to 11.1.4.2 "Incident Response" to briefly explain that in some
cases, if personal customer data is taken, the company might be legally
required to report it.
A listing of laws for various states in the US can be found here:
http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
The latest EU directive concerning data breach disclosure is here:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:NOT
There may be other laws, but this is what I could find after a cursory web
search.
Original issue reported on code.google.com by volpeand...@gmail.com on 6 Aug 2013 at 2:58