AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Mississippi Data Privacy, Data Breach, And Encryption Law: House Bill 583

Mississippi has recently approved HB 583, "an act to require notice of a breach of security."  The law goes into effect on July 1, 2011, giving MS businesses plenty of time to safeguard any sensitive personal information.  Similar to other states, HB 583 provides safe harbor for information that's protected with data encryption like AlertBoot.

Data Encryption Provides Safe Harbor From Breach Notification

Like the laws of many other states, HB 583 defines a breach of information security as the loss of personal information that has not been secured by encryption.  In other words, losing personal information that was encrypted is not a breach, because it falls outside the definition.

I pointed out that this was a very roundabout way of defining a data breach in previous posts, but an effective one nonetheless.  I also noted that such laws are an indirect way of encouraging businesses to employ encryption software to protect sensitive data, since its use obviates the need to alert people to be on the lookout for ID theft and other crimes.

What Is Considered A Personal Information Security Breach In Mississippi?

The Mississippi law defines personal information as a person's first name (or initial) and last name combined with any of the following:

  • Social Security number
  • Driver's license or state identification card number
  • An account number or debit number combined with an access code of some sort

That last one is interesting.  It seems to imply that if an account number and the name are lost without a password, or something similar, it's not a breach.

However, plenty of damage can be done if one has a name and an account number (ACH fraud is a growing problem, for example).

Contacting People Whose Information was Breached

If the cost of contacting people is over $5,000 or if the breach affects more than 5,000 people, a substitute notice can be made:  E-mail notice; conspicuous posting at the company website; and notification to state-wide media.  Notice the "and."  It means all three actions have to be taken.

If the conditions don't merit a substitute notice, a company can choose to contact people by:

  • Written notice
  • Telephone notice
  • Electronic notice (most probably e-mail)

One thing that is interesting is that under HB 583, only those affected by the breach require notification.  The government--like the state Attorney General, for example--doesn't need to be notified.

However, a company found violating the above law is considered to be engaged in an "unfair trade practice" and the AG gets to go after it.



 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.