Access your Pro+ Content below.
Understanding the Data Accountability and Trust Act
This article is part of the Information Security magazine issue of December 2010
There are currently more than 40 different state and territorial laws that require organizations entrusted with personal identifying information to notify individuals when their information has been exposed to unauthorized parties. These laws range from those only requiring notification to those that mandate full security programs designed to prevent breaches in the first place. They define personal identifying information differently, require different notification processes, and force organizations to deal not only with the victims of the breach, but also the attorneys general of all the states where victims reside. The complexity and cost of notification, let alone the difficulty of ensuring compliance with security program requirements, are daunting. Still, breaches that lead to identity theft happen regularly and people expect organizations to be held accountable for their personal information's security. Politicians have heard the public outcry and have recognized that there is a need for more uniform protection of ...
Access this PRO+ Content for Free!
Features in this issue
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
Columns in this issue
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.