in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Breach Law: Wyoming Updates Laws On Data Privacy

Wyoming has approved two Senate bills that update the state's data privacy laws.  Senate Files 35 and 36 expand on the definition of what constitutes a breach of personal information, and what steps organizations must take when a data breach takes place.  Missing from the update: a safe harbor clause that would protect organizations if data encryption is used to safeguard the data.

Tokens and Security Questions are PII, Too (According to the Law)

According to trib.com, Senate File 36 amended the definition of "personal identifying information" (PII) to include:
birth or marriage certificates, health and medical insurance information, and "security tokens" like passwords or security questions such as "What is your mother's maiden name?" if they are linked to an account log-in or similar security procedure.
It's a somewhat surprising development, not because the loss or theft of such data should be left out of the legal definition for PII, but because it is so specific.  The thing I've learned about legislators over the past five years is that they hate being too specific about data security definitions because things in the tech world grow old and useless sooner than later.  For example, the inclusion of security questions as PII makes sense, but so do all the other security devices, mechanisms, and protocols that will be developed in the future as well.  It's often simpler and more effective to create a catch-all clause to account for these.

Toll-Free Numbers are Not Enough

Also, the approved bills put a further onus on companies to alert people of a data breach.  Previously, a company only needed to set up a toll-free number where people could call in to get more information on a data breach.  Now,
companies would have to provide information about the types of data that was breached, a description of how the breach happened, when it happened, what actions the company has taken to protect against future breaches and whether notification of the breach was delayed because of a law enforcement investigation.

Related Articles and Sites:
http://trib.com/news/state-and-regional/govt-and-politics/wyoming-senate-committee-tackles-data-privacy-bills/article_24f040a5-99a5-563a-a9d4-96bf685404cc.html
http://www.databreaches.net/wyoming-house-committee-approves-data-definition-breach-notification-bills/
 
<Previous Next>

Smartphone Security: Phone Theft Drops In Cities As Kill Switches Take Hold

Connecticut Data Encryption: Senator To Propose Required Encryption For Insurance Companies

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.