in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Reminder: California Breach Notification Law Amended, Beginning 2012, AG Must Be Notified

A timely reminder for the new year: Beginning on January 1, 2012, any businesses that have a data breach must alert the California Attorney General's office if more than 500 Californians are affected.  I'm pretty sure that this does not extend to any sensitive information that was protected with adequate data protection tools, like AlertBoot's laptop encryption software.

I first mentioned this about 6 months ago, here.

Also, the revised law has requirements on what must be included in the breach notification letters sent to customers:

  • Must be in plain language
  • A list of personal information that was breached
  • The date of the breach
  • A description of the breach
  • Whether law enforcement requested a delay in the notification
  • Instructions on contacting the major credit reporting agencies

Encrypted Data

I'm not a lawyer, so I'm not sure whether this train of thought makes sense, but under California law "personal information" is defined as:

composed of an individual’s first name or first initial and last name that is combined with one or more of the following data, wherein either the name or the data it is combined with are not encrypted [my emphasis]

In other words, when you use encryption software to protect data, this is no longer personal information.  Since it's not personal information, it can't lead to a data breach if you lose, say, a laptop with five gazillion names and SSNs.

Hence, encryption provides one with safe harbor from the notification requirements, including the notification to the CA AG.


Related Articles and Sites:
http://www.jdsupra.com/post/documentViewer.aspx?fid=4d164c04-4c60-4ddb-a18d-de3e69533a9e

 
<Previous Next>

Data Encryption: Stratfor Stored Credit Cards In Plain Text

Disk Encryption Software: 1.4M Cattles Group Customers Affected By Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.