The California Security Breach Information Act 1798.29 (originally known as SB-1386), which went into effect in 2003, states:
“(a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
ANY company that does business in California and maintains private data on California residents is covered by the statute (i.e., the law applies not only to California companies but to any and ALL companies that do business in California).
In 2005 there were several high profile security exposures where large, well known companies had to notify hundreds of thousands of consumers that their data had been compromised. Originally, companies like ChoicePoint merely notified California residents when data was exposed to an identity theft ring. However, the resulting outcry led other states to follow suit with their own legislation. Now more than 22 states have their own versions of a privacy law, and the United States Congress is also considering similar legislation at the federal level. A similar law, the European Union privacy directive, has been in place in Europe for several years now.
The California Law, which has been used as a model by other states, applies to computerized data consisting of an individual's first name or first initial and last name in combination with Social Security number, Driver's License number, bank account information, credit card numbers, and associated access codes. Typically this data is stored in databases on computer servers, and accessed through PC or web-based clients. The biggest threat to data security, however, is when data is moved offsite to remote backup locations or other business parties. There have been recent high profile exposures where major banks have reported lost backup tapes containing the account information of hundreds of thousands of customers.
There is hope! Encryption technology can render private information so that it is not human readable. Privacy laws make an exception if lost or stolen data has been encrypted. If encrypted data is stolen, companies do not have to notify their customers of the exposure.
High profile exposures damage company reputations. Exposures also impact the bottom line: notification is a costly process, especially when companies offer to provide their customers with free credit reports or spend time taking live calls from angry customers.
PowerTech has helped over 750 customers worldwide to implement sound data security practices for personal information that is stored on AS/400 systems. The PowerTech security solutions protect your company against accidental and malicious exposures of the data.
PowerTech Network Security monitors access to data and limits it to only those individuals with a demonstrated need to read or retrieve the data.
PowerTech Compliance Monitor allows organizations to define security policy across multiple systems and to produce consolidated reports that highlight any exceptions to that policy.