In his last column for eWeek, Timothy Dyck comments on data security.
This year, California is again shaking the branches with SB 1386, a bill that goes into force just weeks from now on July 1. It requires any organization conducting business in California or?and this is a big “or”?storing personal information on any California resident to disclose to those customers when personal data is reasonably believed to have been compromised. The brand damage done by telling customers that a break-in has occurred, combined with the risk of lawsuits in case of noncompliance, add up to a powerful incentive to be serious about attack defenses and data encryption to limit damage if a break-in does occur. In addition, SB 1386 even exempts companies that have encrypted customer data from the notification requirement?one more example where this legislation makes good sense easier to cost-justify.