in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Breach Law Heat Map Verdict: Pretty

Among the many reasons that our clients sign up to use AlertBoot mobile data security solutions for smartphones, tablets, and laptops lie the various data breach notification and data security laws and regulations.

Everyone has their own requirements: how soon notification letters must be sent, if they need to be sent at all; whether the use of encryption software is grounds for safe harbor from doing so; financial penalties; etc.  To put it shortly, it's a giant mess, especially if a company is doing business at a national level.

The folks over at imation.com have created a handy heat map on US data breach laws.  At first glance, it looks quite helpful.  For example, you can tell that only four states don't have breach notification laws as of July 2012: New Mexico, South Dakota, Alabama, and Kentucky.

The remaining US states as well as the US Virgin Islands and Puerto Rico do have laws with varying degrees of "strictness" which are represented via a color-coded scale.

Not Meant to Be Useful?

As pretty as it is, the heat map is less than useful if you're looking for more information.  The biggest shortcoming is the fact that we have no idea how "strictness" was scored or scaled.

For example, Virginia is listed as the state with the strictest data breach notification law, followed by NY, MI, and MA.  This is news to me because the last time I checked, MA's data protection laws were the strictest in the country, with NV's and TX's keeping it company.  The latter two, per Imation, are in middle of the pack.

Heather Clancy at smartplanet.com notes that VA's position makes sense, and "isn't really surprising given that the state is a hub for federal contracting and consulting."  I guess that does make sense.  On the other hand, I've seen plenty about these laws that don't make sense:

  • Allowing "encryption" to be defined so that password-protection could also be considered to be encryption
  • The breach of Social Security numbers only (without first and last names) are actually not considered a data breach

So, "making sense" is not necessarily a condition for these laws.  One thing's for sure: data breach notification laws are quite fractured, and it's no wonder that companies claim they'd welcome the passage of a federal data breach notification law.


Related Articles and Sites:
http://www.smartplanet.com/blog/business-brains/where-are-us-data-breach-laws-toughest-check-this-map/25975
http://www.imation.com/en-US/Mobile-Security/Mobile-Security-Products/Secure-Data/-Resources-/Compliance-Heat-Map/

 
<Previous Next>

BYOD Security: Because Insurers Might Have Second Thoughts On Paying Up

Data Encryption Software: Stolen Cancer Care Group Laptop Contained Backup Media

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.