Unified messaging and communications analysis by consultant Michael Osterman.
On Oct. 1, a new Nevada law went into effect that requires organizations operating in the state to encrypt personal information sent outside of the organization. A similar, but more restrictive, law will go into effect on Jan. 1, 2009 in Massachusetts. What this means is that if you operate a business in either state, you will have to encrypt certain types of sensitive information if you send it past your corporate firewall or else face legal consequences.
These laws are the logical extension of California’s SB1386, a law that requires organizations possessing personal information on California residents to disclose to those residents if their data has been breached. Forty-three additional states have enacted laws similar in scope to SB1386 since the passage of that law and the remaining six are likely to do so in the near future.
What these data breach laws mean, coupled with the Nevada and Massachusetts encryption requirements, is that businesses must take data breaches and data protection more seriously than has ever been the case.
Most data breaches are inadvertent, such as the Pfizer employee who installed file-sharing software on her company-supplied laptop last year and exposed the records of more than 15,000 fellow employees. Inadvertent or not, the cost of data breaches can be significant in a number of ways: customers or employees whose data is released must be notified, sometimes credit reports must be supplied to individuals whose data has been compromised, the reputation of the offending company suffers, revenue may be lost from customers who opt not to do business with a company whose data has been released, and so forth.
Unified communications will make the problem more serious, given that data stores will contain more and varied types of information. For example, a compromised unified communication store could release not only e-mails, but also instant messaging conversations, voicemails, faxes and other content. Encryption, coupled with data loss prevention systems, will be key to preventing these problems from occurring.
Michael Osterman is principal analyst of Osterman Research.
Comments (2)
GTB Technologies is the one to look at
By Anonymous on October 21, 2008, 7:53 pm
GTB Inspector has created a DLP solution with zero false positive and false negative rates
More reason that the False Positive and False Negative Rates need to be zero
By Anonymous on October 15, 2008, 2:25 pm
All DLP vendors should be able to state what their False Positive Rate and False Negative rates are. If they're not zero, look elsewhere