Blogs

Showing Blog Posts: 91–100 of 104 tagged Data Breach

  • California Information Security Legislative Update

    by Stephen Wu on May 5, 2010

    Last year, California addressed the disposal of personal information by enacting AB 1094, which provides a safe harbor for storage companies or landlords when they end up with others’ records containing personal information. Governor Schwarzenegger, however, vetoed legislation, SB 20, to enhance the state’sbreach notification law to require notification to the California AttorneyGeneral, in…

  • North Carolina's Amendment to its Breach Notification Law

    by Stephen Wu on April 17, 2010

    Although almost all the states have some form of breach notification law, the legislative process regarding breach notification has not reached an end. Some states are changing their breach notification laws in an effort to enhance their protections. Last July, North Carolina enacted S.B. 1017, which amends the state’s breach notification law. N.C. Gen. Stat. § 75-65. Click here for a copy of S.B. …

  • Missouri's Breach Notification Law

    by Stephen Wu on April 13, 2010

    Missouri became the 45th state to enact a breach notification law. Mo. Rev. Stat. §§ 407.1500.1-407.1500.4. Missouri’s governor signed the enabling legislation, H.B. 62, into law last July. It went into effect last August 28. For a copy of H.B. 62, click here. H.B. 62 covers “personal information” consisting of a name in combination with a driver’s license number, Social Security number, or…

  • Montana's Amendments to Its Breach Notification Law

    by Stephen Wu on April 7, 2010

    Last April, Montana added a public sector breach notification requirement to its existing private sector breach notification law. Mont. Code Ann. § 30-14-1704. The new law, enacted as H.B. 155, went into effect on October 1, 2009. It applies to “state agencies,” and creates a breach notification requirement for agencies maintaining data containing personal information. For a copy of H.B. 155, …

  • New Information Security Lawsuit -- Why Now?

    by Stephen Wu on February 16, 2010

    Over the years, many have doubted whether we will see substantial, real-dollar information security lawsuits. Some said that companies don't want to be embarrassed by filing suit and having to admit in their complaints that they've been hacked. Others said there's no money in it for potential plaintiffs (and plaintiffs' attorneys). In my opinion, I always thought we'd see plaintiffs filing cases…

  • Summary of Selected Encryption Laws

    by Stephen Wu on January 23, 2010

    This month, I updated a white paper entitled "Summary of Selected Encryption Laws." The white paper will be an appendix in a forthcoming book to be published by the American Bar Association Section of Science and Technology Law on data protection. The white paper summarizes selected encryption-related federal and state statutes, regulations, and regulatory guidance. The original version of this…

  • Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures

    by Ben Rothke on January 12, 2010

    Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures explores an important, yet often neglected topic. Even though hacker Kevin Mitnick's notorious exploits are more than a decade old, the media, and even some security professionals, continue to be obsessed with him. In early October 2006 alone, his name came up a few dozen times in a…

  • Massachusetts Issues Final Data Security Regulations

    by Stephen Wu on November 6, 2009

    On November 4, 2009, the Massachusetts Office of Consumer Affairs and Business Regulations announced that it promulgated final data security regulations to take effect on March 1, 2009. In a previous blog post, I described imminent changes to the regulations and some of the history of the Massachusetts regulations. The final regulations appear at Title 201 of the Code of Massachusetts Regulations, …

  • Connecticut Data Protection Law

    by Stephen Wu on July 22, 2009

    As part of our ongoing efforts to keep you up-to-date concerning information security legislation around the country, this post covers a fairly recent Connecticut law of interest to information security professionals, executives, risk managers, and attorneys. Connecticut enacted a new data protection law that became effective October 31, 2008. It includes both protection of Social Security…

  • California Health Care Data Protection Law Addresses Worker Snooping

    by Stephen Wu on April 12, 2009

    Last year, Governor Arnold Schwarzenegger signed into law new data protection laws to prevent health care workers from peeking at celebrities’ medical records, although the legislation strikes at lax data protection practices generally. The scope of the security breaches at the UCLA Medical Center is impressive in terms of the number of people involved, the number of records viewed, and the long…

This document was retrieved from http://www.rsaconference.com/blogs on Sun, 21 Sep 2014 22:10:15 -0400.
© 2014 EMC Corporation. All rights reserved.