Promises to protect customer data get some attention
The last couple of weeks have been a busy time for information security law and privacy. First, the California law that requires disclosure of break-ins that compromise personal data went into effect on July 1st. Senator Diane Feinstein introduced legislation that would make such disclosure requirements mandatory nationwide. Aimster lost its appeal, Verizon ponied up its database, and the RIAA declared legal war on its customers.
The Interior Department was ordered offline again because it can't provide adequate security. The California Supreme Court declared that a former Intel employee's massive e-mail to his former colleagues was not a "trespass to chattels" and thereby limited (albeit slightly) the ability of network owners to decide what can and cannot be done on their networks.
But the most important event from a legal and security perspective was the fact that the United States Federal Trade Commission indicated its intention to actively pursue companies that obtain personal information by promising a level of security, and then not delivering it.
[ Read more ]