Wednesday, April 27, 2011

Data Security Breach - Security Breach Notification Laws That Online Business Owners Need to Know

We live in a society today where the words hacker and data security breach are common occurrences. Only in the last 9 years have governments begun to enact and propose security breach notification laws. These laws were a response to breaches of databases containing personal identity information.



California paved the way with the first enacted legislation in 2002. In summary, this legislation requires anyone who conducts business in California and owns or licenses computerized data that includes personal information to notify any resident of California of a potential personal information breach.

This groundbreaking legislation was taken up by New York in 2003. This type of legislation continued to spread across the United States. As of 2010, 42 states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation on the notification of security breaches involving personal information. As of March 2011, 12 states have introduced new or revised security breach notification related legislation.

If a business entity operates on any level (local, national or international) and maintains customers' personal information, the owners need to be aware of the various state laws requiring disclosure of data security breaches. This includes lost, stolen or misplaced tape backups that potentially contain personal identity information. For more information on cost versus risk of using an offsite media storage facility, refer to Offsite Tape Storage - How to protect the business through disaster preparedness using offsite tape backup storage.

The National Conference of State Legislation consolidates this information. To read more on the laws for each state, refer to the NCSL - Breach of Information site.

The European Union is a little slower to act on security breach notification laws. As of 2009, the EU was still trying to hash out the details of what makes up a data breach and how companies should handle it. They have reviewed and considered the various U.S. state legislation. Many of the EU states have some level of security breach notification laws but are lacking in other areas already covered under U.S. law. There are too many documents to list here. Keyword search for "European Union Security Breach Notification Laws".

One final note about data security: many states have data disposal laws on the books as well. These laws provide requirements for business entities to follow during the destruction and disposal of digital and traditional forms of media that contain personal identity information. Refer to the NCSL - Data Disposal Laws site.

Scotty Sanders, a Software Development Professional, is familiar with not having good data backups or a disaster recovery plan. Scotty invites you to his growing online resource at http://www.backupmypcdata.com where he shares his knowledge, research and lessons learned from past mistakes when it comes to hard drive crash recovery, disaster recovery planning and much more.

1 comment:

  1. Cyber insurance plans cover a variety of costs related to cyber attacks, including revenue lost from downtime, notifying customers impacted by a data breach, and providing identity theft protection for such customers.