New State Privacy Regulation Affects Businesses Nationwide
SACRAMENTO
From central stations to churches, businesses and organizations across the country that have electronically stored personal information on California citizens must disclose any unauthorized access of that information. The requirement is a result of a new law in California intended to protect state residents against identity theft.
The law is scheduled to take effect July 1. California Senate Bill 1386 was passed in November 2002 and applies to any organization—business, nonprofit, government entity—regardless of its physical location.
Personal data is specifically defined in the legislation, but it generally refers to the combination of a person’s name with another identifying item, such as a Social Security number, driver’s license number, credit card number or bank account. Organizations that fail to comply could face civil suits and fines.
“Unauthorized access doesn’t just apply to the hacker breaking in from the outside and stealing credit card numbers. It also applies to the janitor who logs on to an idle computer and to the nosy employee who pokes around the customer database without authorization,” says Matt Stevens, vice president of marketing and technology at Network Intelligence Corp., a company working to help firms comply with the new law.
This law compels organizations not only to secure their networks against breaches, but also to actively monitor activity and detect any unauthorized access. If an organization is sued for violating the law, that organization would essentially be required to prove that no unauthorized access had occurred.
To achieve compliance with the law, an organization must diligently report and record network activity and store that information should it become necessary to produce it as evidence.
Legislation similar to the California law has been proposed in the U.S. Congress, which would make this issue relevant to every U.S. organization storing personal data electronically.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
