Importance of state security laws go beyond borders
Sometimes an individual state law becomes de facto national legislation, as was the case with California’s SB1386. This law requires any company that maintains personal data about a resident of California, provide notification in the event of a breach. But of course, California’s economy is larger than that of many foreign countries I’ve been in, so the law had an impact far beyond its borders. A company headquartered on the other side of the country is still likely to have some California customers, so it still applies.
The same ripple effect may take place as a result of Nevada’s new law, which requires that a business encrypt all transmissions of personal information over the Internet. The law takes effect on October 1, 2008. As a result, transmitting unencrypted personal information over the Internet in any form, including email, would constitute violation. The legislation specifically defines “personal information” as a person’s name, in combination with a social security number, driver’s license number, or account number in combination with a security code, access code or password.
There are some other states that have similar legislation, including California, Texas, and Rhode Island. But the Nevada law is more specific, in that it mandates the use of encryption as a security measure, and its passage may well set the standard for companies’ security policies nationwide. There has been some criticism of the new law, in that it defines “encryption” very broadly, and does not coordinate with any industry standards. Also, penalties for violation are not clearly stated. Read the rest of this article
» posted by jdarmanin
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
