Imation used publicly available sites (including information obtained via the National Conference of State Legislatures) to analyze state compliance laws in the 46 U.S. states that have such laws, as well as in Puerto Rico, the District of Columbia and the U.S. Virgin Islands.
Imation created a “Compliance Heat Map” to depict the strictness of data breach laws and resulting penalties for breaches. The Compliance Heat Map provides a visual snapshot of the strictness of regulations by state, using a color scale ranging from light yellow (less strict) to dark red (more strict).
IT pros today are responsible for managing data, which includes ensuring security, business continuity and regulatory compliance. For small- to mid-sized businesses, the challenge is often to meet compliance requirements with limited resources, which leads to higher risk.
Imation’s research found that most state data breach notification laws offer similar definitions of personally identifiable information and similar requirements for notifying affected parties. Among the research’s noteworthy findings:
- Four states have yet to enact a data breach notification law: Alabama, Kentucky, New Mexico and South Dakota.
- According to Imation’s analysis, Virginia has the strictest law in the nation. The law provides specific requirements on what is to be included in a breach notification, requires government and credit reporting agency notification, and includes a large financial penalty relative to other states.
- A few states, including Virginia, require notification even if breached data is encrypted—if the encrypted data was stolen along with the encryption keys.
Imation also considered other germane laws, such as those dictating data destruction or allowing consumers to freeze credit report requests. Imation used publicly available information about the laws, including the legislation itself.

