Access your Pro+ Content below.
Proactive state privacy laws change security focus to prevention
This article is part of the February 2009 issue of Information Security magazine
There's always been a premium on data protection, but a paradigm shift away from reactive laws toward more proactive and uniform breach-prevention frameworks may up the ante for information security practitioners who can expect a lot of heavy compliance lifting this year. Hardcore data protection laws in Nevada, as of last October, and coming May 1 in Massachusetts, have changed the information security game for everyone. They've mandated prevention; shifting the focus from data-breach notification, though not eliminating that concern, to breach prevention by way of mandatory encryption. When it comes to data handling and data control, encryption is now front and center. The undertone is that data containment is how the game will be won, and encryption is the approach chosen by these states to achieve containment. But even more significant than what these laws read, is what they will do. Requiring businesses to encrypt transmitted personal data (and under the Massachusetts regulations, the encryption of personal information ...