Data Breach Information Retention & Statute of Limitations

[Jimdigriz]

It's understood that the state certainly knows the identity, yet the state did nothing punitive -- it made the person in question rather curious as to the intentions of the state in deciding to not prosecute or seek interdepartmental assistance from the Fed (insofar as he knows from that time). I really appreciate your guys' assistance.

At the same time, holding the data might help prove he wanted to do good while destroying the data might help prove intent to commit the earlier crimes as well be a violation in and of itself. ( 18 U.S.C. § 1519 )

^ This is interesting given that in a way that may be the original intention in both retaining and releasing the information. Most, if not all of it is of no real end-use other than exposure to the state, granted each affected person's credentials have changed by now. Additionally, there is only certain content retained and/or supposedly in the person's possession, all of which was intended to be used as proof that the breach actually occurred and was largely ignored. I'm definitely going to study up on the ccmanual to see how this all bridges together. I have no doubt that if the Feds wanted to prosecute, they'd find a way. Having said as much, this state is the same way -- I would have presumed they'd do the same, but did not.

 

[pac72]

hillarys missing 30,000 emails perhaps?

 

[Jimdigriz]

hillarys missing 30,000 emails perhaps?

The person would be dead if that were the case lol. Just a wealth of information and proof thereto of the massive incompetence of an entire State and one of its key institutions that would largely humiliate the state (which it deserves) and also potentially lead to countless civil actions back and forth between employees, denizens of said organizations, etc, including an almost guaranteed lawsuit by one employee who had nothing to do with the supposed breach, or any knowledge of it -- something that was proven, and yet that employee still lost his job, in addition to several other high up employees mysteriously resigning at the same time.

 

[quincy]

The person would be dead if that were the case lol. Just a wealth of information and proof thereto of the massive incompetence of an entire State and one of its key institutions that would largely humiliate the state (which it deserves) and also potentially lead to countless civil actions back and forth between employees, denizens of said organizations, etc, including an almost guaranteed lawsuit by one employee who had nothing to do with the supposed breach, or any knowledge of it -- something that was proven, and yet that employee still lost his job, in addition to several other high up employees mysteriously resigning at the same time.

It would not be out of the ordinary for the state or an entity whose data was breached to try to keep the breach a secret. That has been standard practice in most of the major database breaches.

That is why many states are considering making it an additional crime not to report a known breach within X number of days from date of discovery.

 

[Jimdigriz]

Yes and I also believe there are laws in place that make it a crime for an organization or government entity to neglect to make those affected aware of a breach when they know it has occurred, with some limited exceptions when it comes to identity theft. This is another factor in his deciding how to handle the information now that the SOL for the actual act is coming to a close -- the state could still be culpable.

 

[quincy]

Yes and I also believe there are laws in place that make it a crime for an organization or government entity to neglect to make those affected aware of a breach when they know it has occurred, with some limited exceptions when it comes to identity theft. This is another factor in his deciding how to handle the information now that the SOL for the actual act is coming to a close -- the state could still be culpable.

He might want to see an attorney in his area.

 

[Jimdigriz]

I very much appreciate the input from each of you and will be sure to keep all posted in the upcoming future. It's a lot to think on and to research, but the perspective was much needed!

 

[quincy]

I very much appreciate the input from each of you and will be sure to keep all posted in the upcoming future. It's a lot to think on and to research, but the perspective was much needed!

We always like updates.

I hope the fellow handles others' personal information with care.