Category: National and State Privacy/Security Law

Lessons Not Learned – Public-Private non-communication in CyberSecurity

One of the deficiencies that came to light in the aftermath of the 9/11 terrorist attacks was the communication failure between competing intelligence agencies.  A report released this past Monday from the Government Accountability Office shows that the same failure to communicate is happening in the cybersecurity arena.  The breakdown in this arena is between [...]

Friday August 20th, 2010 in National and State Privacy/Security Law, Should Have Known Better | No Comments »

NJ Supreme Court impacts privacy expectation

The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer.    NorthJersey.com article. Interesting ruling which will certainly change some thoughts as to personal use of work computers.  While I’m a proponent of privacy rights, I’m torn on this particular [...]

Monday April 5th, 2010 in Business and Security, National and State Privacy/Security Law | No Comments »

Cyber Shockwave – A Bust

CNN recently broadcast a cyber-attack simulation meant to demonstrate the potential cascading effects of a widespread attack on our nation’s infrastructure.  The exercise included former federal officials who played the role of key positions in the executive branch to show how the government would respond to the escalating incident.  They even had a flashy headline: [...]

Tuesday February 23rd, 2010 in Awareness and Education, National InfoSec, National and State Privacy/Security Law | 1 Comment »

Lawsuit, breaches and bashing… oh my!

Though it seems obvious that corporations have an obligation to protect the sensitive information they use for business it still amazes me that corporate behavior in this regard is still quite dismissive.  Lawsuits and public embarrassment seem to be the only catalyst for action for many organizations.  That is kind of sad.  Not only is [...]

Tuesday January 19th, 2010 in Business and Security, National and State Privacy/Security Law, Should Have Known Better | No Comments »

House passes Data Breach legislation… jury still out

The U.S. House of Representatives has passed HR 2221, the Data Accountability and Trust Act.  This sets nationwide breach notification requirements that trump the patchwork of State laws that have been in effect with California leading the way in 2002.   The passage was written about in a Federal Computer Week article “House passes bill to [...]

Monday December 14th, 2009 in National and State Privacy/Security Law | No Comments »

Using a Framework to Navigate Regulatory Compliance

The regulatory environment overseeing the protection of sensitive information is incredibly crowded.  Sarbanes-Oxley (SOX), Graham-Leach-Bliley (GLB), the Health Insurance Portability and Accountability Act (HIPAA), HITECH, Red Flags, Payment Card Industry Data Security Standard (PCI-DSS), among a host of state laws and audit guidelines seems to provide the Fort Know of IT risk management if organizations [...]

Wednesday October 21st, 2009 in Business and Security, National and State Privacy/Security Law, PCI | No Comments »

Nevada’s New Privacy Law

SB227 was passed into law and goes into effect in January 2010. It contains requirements for PCI compliance as well as encryption of personally identifiable information. Like any legislation it has both good and bad pieces to it with potential loopholes.

Friday July 10th, 2009 in National and State Privacy/Security Law | 1 Comment »