in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

North Carolina Data Privacy, Data Breach, And Encryption Law

North Carolina does not have a data encryption law per se; instead, it has a personal data breach notification law that gives safe harbor to people who use encryption to protect personal data.

Warning: I'm not a lawyer--the following is strictly what I've taken from the various state laws found on-line.

North Carolina Senate Bill 1048 - Identity Theft Protection Act

The Identity Theft Protection Act gives places a lot of emphasis on the protection of Social Security numbers, meriting its own section, "§ 75-62: Social security number protection."  Under this section, a company is forbidden from making SSNs public; printing them on anything (exceptions do apply); transmitting them without first using encryption on them; or (obviously) selling them, plus a host of other restrictions.

Also, under "§ 75-65: Protection from security breaches," a business is instructed to notify anyone of a data breach--regardless of its format (computerized, paper, or otherwise).

North Carolina Data Breach Notification Letter: What To Include

Unlike most states, N.C. does point out what to include in a data breach letter.  Under § 75-65(d):

  • A description of the data breach incident in general terms
  • The type of personal information that was breached
  • What the affected business is doing to prevent similar future incidents
  • A telephone number so that clients can call for more information, if one's available
  • Advice for people to review their account statements and monitor their credit

North Carolina Data Breach Notification Letter: How To Contact Them

There are several options, depending on availability.

  • Written notice
  • Electronic notice (valid e-mail addresses and permission to be contacted must be in place)
  • Via telephone, assuming phone numbers are available (and the affected person is talked to directly.  Can't leave a message with a roommate or family member, I take it to mean)
  • Substitute notice.  Only if the cost of notifying people exceeds $250,000 or there's more than 500,000 people to contact, or the business just doesn't have the contact information for all involved (notification to statewide media, e.g.)

There is one additional condition.  If more than 1,000 North Carolina residents were affected, the Consumer Protection Division of the Attorney General's Office and all consumer reporting agencies (Equivax et al.) must be notified as well.

Penalties Under North Carolina Senate Bill 1048 - Identity Theft Protection Act

Under "§ 1 539.2C. Damages for identity," it is stated that:

Any person whose property or person is injured may sue for civil damages of up to $5,000 but not less than $500 for each incident OR three times the actual damages, whichever is greater. [my emphasis]

Of course, there's more (much more) on what you have to do when you've had a breach, so make sure you consult with your legal reps.  And maybe looking into getting any identity information protected with encryption software, such as AlertBoot.


Related Articles and Sites:
http://www.ncga.state.nc.us/Sessions/2005/Bills/Senate/HTML/S1048v6.html

 
<Previous Next>

Drive Encryption Software: UK Companies Report 356 Data Breaches In Less Than One Year

Disk Encryption Software: Ashford and St Peter's Loses USB Drives, Pledges Better Handling

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.