reasonable security procedures and practices
Tampa, Fla. (PRWEB) October 24, 2008
Nevada is one of the first. It won't be the last. A new state law requires all Nevada businesses to encrypt customer data, including names and credit-card numbers, that is transmitted electronically.
The new law follows close on the heels of the largest hacking and identity theft case ever. In August 2008, U.S. attorneys in Massachusetts, California and New York - along with the Internal Revenue and Secret Services - indicted eleven men for allegedly stealing 44 million U.S. credit and debit card numbers! The group drove around with laptops looking for unencrypted transmissions from retailers Barnes & Noble, Boston Market, OfficeMax, Sports Authority, JX Companies, BJ's Wholesale Club, Forever 21 and DSW.
Now, Nevada Statute 597.970 (2005) specifically prohibits transferring "any personal information of a customer through an electronic transmission," except via facsimile, "unless the business uses encryption to ensure the security of electronic transmission."
Other states are rushing to protect personal consumer information. California's Security Safeguard Act requires companies to implement and maintain "reasonable security procedures and practices" to protect such data. Texas and Rhode Island enacted similar laws requiring companies to adopt procedures relating to information security. Starting in January, Massachusetts will require businesses to encrypt information about that state's residents when stored on laptop computers and other portable devices. Michigan and Washington states are considering similar regulations.
The Nevada law, however, is unique because it mandates encryption as a particular security measure, rather than a "reasonable" security procedure, so this may signal the beginning of a trend. Encryption converts computer data into secret code, usually 64 or 128 bits in length. Anything above a 64-bit key should be unbreakable, even with infinitely more powerful supercomputers. Computer giant Dell offers models with encrypted hard drives, but that does not cover electronic transmissions.
"If history is any indicator, we'll have 40 states with the same law in four years," Gerry Euston, CEO of Ceelox, said. A Tampa-based developer of biometric and encryption solutions, Ceelox's SecureMail™ program encrypts emails with a government-grade 256-bit key. Nationwide adoption of such security, Euston believes, "is just a matter of time."
For companies that comply, the new Nevada law caps their damages at $1,000 per customer for each security breach. Those that do not comply, however, are subject to unlimited civil penalties under the proposed enforcement plan, according to James Earl, executive director of the state's task force for technological crimes.
Miriam Wugmeister, an attorney with the national law firm Morrison & Foerster, says the new state data-security laws are stricter than past regulations, which only required businesses to notify people whose personal information they lost. The new laws establish a standard that businesses losing customer data are negligent and potentially liable.
About Nevada Statute 597.970 (2005)
Ceelox, a veteran-owned small business, is a developer of biometric and encryption solutions for PCs and networks. Its motto is "Biometric Security Software made Simple." The company allies with former Attorney General John C. Ashcroft's strategic consulting group, technology partners and resellers.
(813) 769-0918 ext.23
13976 Lynmar Boulevard
Tampa, FL 33626
Toll Free: 888-769-0918
# # #