Blogs

Showing Blog Posts: 41–50 of 65 tagged Compliance

  • Missouri's Breach Notification Law

    by Stephen Wu on April 13, 2010

    Missouri became the 45th state to enact a breach notification law. Mo. Rev. Stat. §§ 407.1500.1-407.1500.4. Missouri’s governor signed the enabling legislation, H.B. 62, into law last July. It went into effect last August 28. For a copy of H.B. 62, click here. H.B. 62 covers “personal information” consisting of a name in combination with a driver’s license number, Social Security number, or…

  • Montana's Amendments to Its Breach Notification Law

    by Stephen Wu on April 7, 2010

    Last April, Montana added a public sector breach notification requirement to its existing private sector breach notification law. Mont. Code Ann. § 30-14-1704. The new law, enacted as H.B. 155, went into effect on October 1, 2009. It applies to “state agencies,” and creates a breach notification requirement for agencies maintaining data containing personal information. For a copy of H.B. 155, …

  • Washington's New PCI-Based Card Reissuance Liability Law

    by Stephen Wu on March 27, 2010

    On March 22, 2010, Washington’s governor signed a new law that holds businesses and card processors liable for the cost of reissuing cards following a security breach caused by their negligence. The legislation, H.B. 1149, goes into effect on July 1, 2010. H.B. 1149 § 3 (2010). For a copy of H.B. 1149, click here. Covered businesses are those that process more than 6 million card transactions a…

  • “Ten Commandments” of eDiscovery

    by Stephen Wu on February 9, 2010

    My colleague, Steven Teppler, recently spoke at the LegalTech New York trade show on eDiscovery and digital evidence topics. After attending the show, Steve posted a listserv mail concerning an interesting presentation at the show entitled "The Ten eDiscovery Commandments." The presenters were U.S. Magistrate Judges Frank Maas and Andrew Peck (both from the Southern District of New York). …

  • Summary of Selected Encryption Laws

    by Stephen Wu on January 23, 2010

    This month, I updated a white paper entitled "Summary of Selected Encryption Laws." The white paper will be an appendix in a forthcoming book to be published by the American Bar Association Section of Science and Technology Law on data protection. The white paper summarizes selected encryption-related federal and state statutes, regulations, and regulatory guidance. The original version of this…

  • Preview - PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

    by Ben Rothke on January 8, 2010

    One of the two books I am reading now is PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance. I am at about page 50, and it is nice to see a book that is not obsolete by the time it is in print. Covers the latest rev of the PCI DSS - 1.2.1. Seems like a really good guide for anyone dealing with PCI. Full review forthcoming.

  • Qualcomm eDiscovery Dispute - It's Not Over

    by Stephen Wu on December 21, 2009

    You may have heard about the famous Qualcomm eDiscovery case -- the one in which lawyers for patent infringement plaintiff Qualcomm Incorporated failed to turn over emails and other records about the company's participation in standards processes. The emails were relevant to the claims in the case, because participation in the standards group at issue would have undercut Qualcomm's case. Back in…

  • Say What You Do: Building a framework of IT controls, policies, standards, and procedures

    by Ben Rothke on December 21, 2009

    Say What You Do: Building a framework of IT controls, policies, standards, and procedures is an excellent book on how to build a compliance framework, which is the focus of this work. While many other books have claimed to assist the reader in that task, most are nothing more than tedious collections of checklists and tables that have little practical value. The authors take a different approach…

  • Can Attorneys and Technology Professionals Work Together?

    by Stephen Wu on December 15, 2009

    Last week, I attended a terrific conference for attorneys in San Francisco. For a while, I was steeped in the interesting legal educational content of the program, but once I left the conference, I returned to the world in which I usually dwell -- the intersection between law and technology. I realize that a wide gulf remains between attorneys and technology professionals -- one that has…

  • The Next NERC CIP

    by Gib Sorebo on December 14, 2009

    Last week I attended a North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Conference in Atlanta hosted by Electric Utility Consultants, Inc. (EUCI). The presentations were enlightening, particularly one that focused on the next version of the NERC’s Critical Infrastructure Protection (CIP) standards. As I noted in my first post, debates continue to rage about…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 23 Apr 2014 15:34:33 -0400.
© 2014 EMC Corporation. All rights reserved.