Blogs

Showing Blog Posts: 61–70 of 73 tagged Compliance

  • Alaska Data Protection Law

    by Stephen Wu on August 26, 2009

    This is another in our series of articles about data protection laws around the country. The focus for this post is on Alaska. On June 19, 2008, Alaska became the 44 th state with a breach notification law when then-Governor Sarah Palin signed HB 65, the Alaska Personal Information Protection Act (“Alaska Act”). Most of the Alaska Act became effective on July 1, 2009. The Alaska Act contains a…

  • Connecticut Data Protection Law

    by Stephen Wu on July 22, 2009

    As part of our ongoing efforts to keep you up-to-date concerning information security legislation around the country, this post covers a fairly recent Connecticut law of interest to information security professionals, executives, risk managers, and attorneys. Connecticut enacted a new data protection law that became effective October 31, 2008. It includes both protection of Social Security…

  • New California Electronic Discovery Act

    by Stephen Wu on July 3, 2009

    On June 29, 2009, Governor Arnold Schwarzenegger signed into law Assembly Bill 5, which enacts California's new Electronic Discovery Act. The new legislation's provisions are similar to the ediscovery rules in the Federal Rules of Civil Procedure, but are not identical to the Federal Rules. Some of the highlights are as follows. The rules allow the discovery of electronically stored information…

  • California Health Care Data Protection Law Addresses Worker Snooping

    by Stephen Wu on April 12, 2009

    Last year, Governor Arnold Schwarzenegger signed into law new data protection laws to prevent health care workers from peeking at celebrities’ medical records, although the legislation strikes at lax data protection practices generally. The scope of the security breaches at the UCLA Medical Center is impressive in terms of the number of people involved, the number of records viewed, and the long…

  • Why the CSO/CISO Should Care About eDiscovery Part -7-

    by Stephen Wu on January 21, 2009

    Part -7- The Federal Rules of Evidence The Federal Rules of Evidence (FRE) provide a Court with rules about whether and upon what circumstances evidence may be considered admissible at trial. These rules were written in the era of the non-electronic, paper-and-ink, or physical evidence world, at a time when when paper records were the norm, and when such paper records constituted the most…

  • Why the CSO/CISO Should Care About eDiscovery Part -5-

    by Stephen Wu on November 13, 2008

    Part -5- eDiscovery Leads to Digital Evidence The path to enhanced CISO understanding of the importance (to the enterprise) of rock solid digital evidence generation must first traverse the twists and turns fo the electronic discovery process. The pathway through eDiscovery may best be described though what is called the Extended Electronic Discovery Reference Model (EEDRM). The model is extended…

  • A New Administration Will Bring New Cybersecurity Regulatory Challenges

    by Stephen Wu on November 5, 2008

    America awoke this morning to a new President-Elect, Barack Obama, who swept to power in an historic election. With the change in administration, our attention as information security professionals naturally turns to the effect of the election on information security regulation and regulatory enforcement. In the past eight years, the Bush administration has neither pushed new information security…

  • Why The CSO/CISO Should Care About eDiscovery Part -4-

    by Stephen Wu on November 1, 2008

    Part -4- Recent Landmark Legal Precedents and Opinions Two important court decisions indicate an early trend underscoring the importance of eDiscovery and digital evidentiary issues to the CSO/CISO. The first case, In re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP 2005) is a precedent setting case in which the court excluded Amex's own corporate records offer of evidence necessary to establish its…

  • Security Implications of "Custody and Control"

    by Stephen Wu on October 25, 2008

    The terms "custody" and "control" should be very familiar to cyber-security stakeholders. We are, after all, concerned with internal security issues pertaining to role, access and location management as well as identity management. Note that data location means real or virtual, for those cloud type schema. It's well understood that data can't be protected unless we know what we want to protect, …

  • Why the CSO/CISO Should Care About eDiscovery Part -3-

    by Stephen Wu on October 25, 2008

    Part -3- The Evolving Landscape of eDiscovery There are three forces that are having an increasingly important influence in the ongoing evolution of eDiscovery processes. The first is the overwhelming predominance of corporate information generated and stored electronically. The second force is the December 2006 amendments to the Federal Rules of Civil Procedure (FRCP) which for the first time in…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 01 Sep 2014 17:01:16 -0400.
© 2014 EMC Corporation. All rights reserved.