During the first Laptop Safety Seminar we gave in Indianapolis on April 23, I was surprised at how many questions we got from the audience about basic wireless laptop security. Of course, when my co-presenter Kim Brand of sponsor FileEngine demonstrated how easy it is to hack a Windows computer over the type of Wi-Fi service provided by coffee houses and hotels, the questions started coming even faster.
But we'll address that next week, because the timely news is the changes in data breach laws coming in states all over the country. Since about half of all data breaches start with a lost or otherwise insecure laptop, let me quote Kevin Erdman of Baker & Daniels, the host of the event (and the second-largest law firm in Indiana).
“The Indiana statute amendment eliminating the laptop password exception to the data breach law liabilities goes into effect July first,” said Erdman. Believe it or not, many of the early laws drafted by states include essentially a waiver for those laptops protected by the Windows startup password. How in the world legislators talked to security experts about data breaches yet didn't learn that the Windows sign-on password is as protective as a bank vault with a screen door, I have no idea.
Good news? Using a Windows “password” no longer counts as a security measure that shows you tried to actually be secure. OK, it works until July first, but after that the bizarre loophole is fixed. Erdman didn't say how many other states have a similar loophole, but since most states base their laws on existing laws in other states, I bet quite a few have this gift to hackers in place.
And why are states passing these laws? Because there is no general federal statute in place. Erdman said, “there will probably be one before long, but not right now.”
The lack of federal guidelines makes for some messy cleanup after a breach. Currently, companies must follow the process of notification about losing a customer's information based on the laws of the state where the customer resides. That means a t-shirt shop in Alaska must figure out the rules for Arkansas if a resident ordered an “I heart Anchorage” t-shirt online. So the t-shirt shop may be up to their knees in legal fees just finding out what they have to do in various states after a data breach, before they start paying to actually fix the problem.