The Information Commissioner’s Office in the UK has released a guideline (link at the bottom) detailing how they would impose fines to organizations that breach the Data Protection Act. One thing that doesn’t seem to get mentioned enough is the use of data encryption; however, what’s important is under what context it does get mentioned. […] read more
Health Net of Connecticut is facing a lawsuit filed by the Attorney General of Connecticut, according to databreaches.net. The AG is also looking to have Health Net use disk encryption software on portable electronic devices. If you’ll recall, Health Net waited 6 months to notify their clients about a data breach that was started when […] read more
Is full disk encryption becoming less important? According to a new report by idetheftcenter.org, hacking is now the number one cause for data braches, followed by internal attacks, as reported by PC World. That’s Not Quite Right… I must take some issue with the PC World article, though. There are two sets of stats, and […] read more
I seem to veering a lot from covering drive encryption software issues, but this particular issue of woman being fired for sending a tweet to Governor Barbour (Mississippi) is pretty interesting. A hospital administrator, Jennifer Carter, at UMC (University Medical Center) was “strongly encouraged to resign” after she had sent the following tweet to the […] read more
Massachusetts Data Protection & Privacy Law – 201 CMR 17.00 / Massachusetts General Law, Chapter 93A.
Covered in this post: Compliance date of March 1, 2010 for Mass. Data Privacy Law What’s it going to cost? How AlertBoot encryption can help Penalties: $5,000 per violation Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts, 201 CMR 17.00 If you do business in Massachusetts, you know by […] read more
The Boston Globe has noted that 1 in 6 MA residents have been subjected to a data breach of their personal information over the past two years. While computer full disk encryption like AlertBoot would have helped prevent many of these breaches, most have involved instances where encryption software would have been of questionable utility: […] read more
Data encryption for SMBs: It’s an issue that bears looking into because of the upcoming compliance requirements with Massachusetts’s 201 CMR 17.00 legislation (aka the “data breach laws”). While there are many aspects to cover under 201 CMR 17.00–including the protection of paper documents under lock–perhaps the issue that has raised the most ruckus is […] read more
Data Encryption Software Exemption To Federal Law On Data Breach And Identity Theft Risk Passed By House.
The House of Representatives has passed a bill that would set a nationwide rule similar to California’s SB 1386 (Cali’s data breach notification law, as some call it). Among other similarities, it grants safe harbor for any companies that use data encryption to minimize the risk of a security breach of people’s personal information. “Encryption” […] read more
There is a lot of controversy over making data encryption mandatory vs. strongly encouraging it (and being “punished” with notifications in the event of a data breach where encryption was not used, hence “encouraging it”). However, if you take a look at the recent Wentworth-Douglass Hospital debacle, one wonders whether strong encouragement can really get […] read more
If you’ll recall, BlueCross BlueShield announced a data breach last month, when an employee lost a laptop with the information of all doctors in their network (apparently, something like 90% of all doctors nationwide). While BCBS uses drive encryption software to secure data, it was in vain: the employee had downloaded the data to his […] read more