New data protection laws
This article is part of the January/February 2010 issue of Information Security magazine
The deadline has been a moving target, but come March 1, Massachusetts' new data protection law is finally slated to take effect. 201 CMR 17.00 and Nevada's 603A, which took effect in January, represent a new class of state regulations that require organizations to deploy specific controls to protect personal identifying information from unauthorized access. Massachusetts and Nevada have established a new standard for personal data protection and appear to have set the stage for more prescriptive laws at the federal level. These new laws are the result of pressure on lawmakers to do something to combat the countless compromises of credit cards, Social Security numbers, and bank account information we hear about every day. They provide clear guidance on how personal data must be protected and who is ultimately responsible for its protection. Instead of just requiring organizations to notify data security breach victims, the new regulations go a step further by trying to prevent breaches from occurring in the first place. ...
Features in this issue
Massachusetts 201 CMR 17.00 and Nevada's data protection law establish new standards for personal data protection
Learn how endpoint data loss prevention technology complements network DLP and secures data that users interact with on laptops, mobile and portable storage devices.
Disaster recovery plans, DLP solutions, and regulatory compliance are top enterprise priorities, according to Information Security's Priorities 2010 survey
Secure coding and vulnerability scanning could mitigate many Web application attacks
Columns in this issue
IT and security managers often make the mistake of being consumed with a specific risk or threat to the detriment of security
Security experts Bruce Schneier and Marcus Ranum debate the possibility of eliminating anonymity on the Internet.
China's hacker attacks against Google's infrastructure, including Gmail accounts of human rights activists as well as Google's source code, should be used to educate enterprises about the reality of cyberespionage from nation states and organized criminals.