Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Three more states add laws on data breaches

Companies face a growing list of notification statutes with different provisions
 

Sign up to receive Legislation/Regulation Resource Alerts

January 6, 2006 (Computerworld) -- Companies struggling to keep up with a patchwork of state laws related to data privacy and information security have three more to contend with, as new security-breach notification laws went into effect in Illinois, Louisiana and New Jersey on Jan. 1.
Like existing statutes in more than 20 other states, the new laws prescribe various actions that companies are required to take in the event of a security breach involving the compromise of personal data about their customers.
For instance, New Jersey's Identity Theft Prevention Act requires businesses to destroy all unneeded customer data and to notify consumers when sensitive data about them has been accessed by an unauthorized person. The law also limits the use of Social Security numbers on all items that are sent via postal mail.
Louisiana's Database Security Breach Notification Law requires entities that collect information on the state's residents to notify affected individuals of security breaches involving their confidential data. Government officials also need to be notified, according to the law. Illinois' Personal Information Protection Act is similar, although it doesn't require companies to inform the state government when breaches occur.
For companies that do business nationally or in various states, the smorgasbord of state laws poses a growing problem, because the measures often specify different triggers for notifications and set varying requirements on what needs to be disclosed, to whom and when, said Kirk Herath, chief privacy officer at Nationwide Mutual Insurance Co. in Columbus, Ohio.
In addition, some states require companies to provide credit-monitoring services to affected customers, whereas others don't, Herath said. And not all of the states offer safe-harbor provisions exempting from their laws companies that encrypt data, he said.
"What I would prefer to see is something that would be uniform and preemptive [of state laws]," Herath said. "Otherwise, you have a very inconsistent application of the law, with some states requiring you to do nothing [and] some hammering you to the point of being unfair." He added that it would be better to have a single law managed by a central regulatory authority, in much the same manner that the CAN-SPAM Act and the National Do Not Call Registry are.
"We're hoping a federal law will help clarify the situation," said the director of information security at a specialty retail chain based in California.
Until that comes to pass, the retailer plans to continue to use the SB 1386 breach-disclosure law that went into effect in California more than two years ago as a "baseline" for developing its security incident response and notification strategy, said the director, who asked not to be identified.
The retail chain also plans to

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
Mozilla updates Firefox 3.1 with Alpha 2 build
Microsoft explains Seinfeld-Windows TV ad: just a 'teaser'
Mozilla: Firefox is faster than Chrome
More top stories...
iPhone 3G owner sues Apple, AT&T over dropped calls, app crashes
At 10, Google reiterates commitment to CIOs
Analysts: Google spreading itself too thin
Users of Windows XP SP3 who try out IE8 Beta 2 won't be able to uninstall either one under certain circumstances.
Google has gone from innovative upstart to fat-and-happy industry leader in what seems like record time. Preston Gralla explains.
Microsoft's latest beta of IE8 includes better tab management, new services such as Web Slices and Accelerators, and the new 'porn mode.'
These leading-edge graduate schools are moving at the pace of the IT workplace, delivering coursework that's relevant to today's IT professionals.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
Identity & Security Management Zone

Ads by TechWords

See your link here
Computerworld Executive Briefing: The Compliance Era
Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign.
The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign.
Download this executive briefing download
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center
Register for this complimentary live webcast today!
Go to the webcast 
Qualified Security Assessors are not created equal
Download this whitepaper, free for a limited time, compliments of VeriSign!
(Source: VeriSign) Learn how a Qualified Security Assessor (QSA) can help you acheive full compliance and security in this white paper, presented by VeriSign and Computerworld.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Death to PST: Hidden Cost of Email Mismanagement
Extend, Replace, or Convert; which is the best way forward for COBOL Applications?
The Trend from Unix to Linux in SAP Data Centers
View more whitepapers