When Experience Matters ®
< Back to Previous Page
Related Practices
Related Industries

E-Commerce Law Week, Issue 398

April 1, 2006

New Breach Notification Laws Springing Up All Over
After a relatively quiet winter, data security legislation is once again brewing in state legislatures.  And, with the advent of Spring, new laws are blooming across the country. Three more states have jumped on the "breach notification law" bandwagon. Since our last update, the governors of Utah (S.B. 69), Wisconsin (Act 138), and Indiana (H.B. 1101) signed data security bills with breach notification provisions. The Utah law is the broadest of the three, with its breach notification sections accompanied by provisions requiring businesses to “implement and maintain” reasonable security procedures. And both Utah and Indiana have requirements regarding the destruction of personal information, which is an important but often overlooked element of any good security policy.

As Information Security Advances, Cyber Criminals Get Primitive
There's some good news and some bad news to report concerning the fight against identity theft and cyber fraud. The good news is that financial institutions and other companies continue to batten down their information security with high-end tecnological measures such as two-stage identification and multifactor authentication.  The bad news is that even the most advanced information security systems often have an Achilles heel -- usually in inadequate, or unenforced, policies covering employees and contractors. The recent spate of thefts of employee or contractor laptops thefts, resulting in the loss of sensitive information, is a perfect example. No matter how much money a company spends on fancy data security measures, these less sexy links in its security chain will continue to be vulnerable to exploitation by clever fraudsters. This doesn’t mean companies should give up on the high-end technological measures. Rather, it means companies need to pay as much attention to the more mundane, less glamorous aspects of security, like establishing and enforcing rules on the handling of sensitive data, and regularly using encryption.

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2008 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Washington | New York | Chicago | Phoenix | Los Angeles | Century City | Brussels | London