Disk Encryption Software Would Have Prevented Data Protection Act Breach By Five NHS Trusts.

Five National Health Trusts have been found in breach of the Data Protection Act.  Most of these breaches could have been avoided via the use of disk encryption software like AlertBoot.  However, they hadn’t used the correct data protection programs–if at all–and have had to undergo formal undertakings with the Information Commissioner’s Office. The five […] read more

Australia Personal Information Data Encryption Provision And Security Laws.

As of July 1, 2009, Australia does not have any laws regarding notification of data breaches.  However, there are efforts underway to alert Australians (and the government) in the event a company or agency experiences a breach of sensitive data that could affect Australians.  There will be exceptions, of course.  For example, exceptions will be […] read more

New Jersey Personal Information Data Encryption Provision And Security Law.

Definition of “breach of security” and “personal information” What to do in the event of a breach Notifications – How To New Jersey’s personal information data breach laws contain a safe harbor for entities that use encryption (specifically, the New Jersey Statute 56:8-161 and 56:8-163).  I’m not a lawyer, but thankfully the law is written […] read more

Data Breaches In Australia And New Zealand: Over Half Of SMBs Have Them.

According to a new Symantec survey, 58-percent of Australian and New Zealand (ANZ) small and mid-sized businesses (SMBs) have experienced information security breaches.  Information security breaches include instances where data is lost, stolen, or hacked because there isn’t adequate protection in place, like data encryption software. Of those who answered the survey, 45-percent had experienced […] read more

Data Loss Prevention Failure Should Lead To CEO Jail Time?.

An international survey conducted by Websense reveals that 30% of respondents think that CEOs and board members at companies where a data breach occurred should be jailed.  Now, I wouldn’t find this too surprising, except that it was a survey done on security professionals at the 2009 e-Crime Congress.  That’s got me scratching my head. […] read more

Nevada Personal Information Data Privacy Encryption Laws: NRS 597.970.

(Updated 10 August 2009 – NRS 596.970 will stop being effective on January 1, 2010, with NRS 603 taking its place) Penalties For Violation Of Nevada’s Data Privacy Law Personal Information Defined According To Nevada Encryption Law NRS 597.970 Criticisms The Nevada encryption law regarding personal information went into effect on October 1, 2008, meaning that Nevada […] read more

Personal Information Encryption Laws For Massachusetts.

201 CMR 17.00, i.e., the so-called Massachusetts encryption law, makes it clear that any businesses (note, the government is excluded from this requirement) that collect personal information must also protect it.  Some of these measures are physical, like lockable file cabinets to protect paper documents. Others are data-centric, like the use of disk encryption software […] read more

Data Encryption Provision In New Missouri Senate Bill 207 Data Breach Notification Law.

Missouri taking a serious look at breach notification: SB 207 Preventing data breaches Missouri is one of the few states remaining in the US that still does not have a data breach notification law.  This is set to change, though, if Senate Bill 207 passes.  Like the original bill that started it all (California SB […] read more

Cost Of Massachusetts Encryption Law Compliance.

According to OCABR, you can expect to spend an upfront $3,000 and $500 per month to comply with 201 CMR 17.00 The Office of Consumer Affairs and Business Regulation (OCABR) has published a hypothetical cost for complying with their MA encryption law, 201 CMR 17.00.  A lot of it seems to center around encryption: These […] read more