The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those in place in the USA already. Viviane Reding, the Information Security Commissioner said:
“The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.”
The committee formed from Europe’s national [...]

Today my team announced the general availability of McAfee’s new endpoint encryption product for PC’s, totally integrated into our central management system, ePolicy Orchestrator.
Though we’ve had encryption products since the acquisition of SafeBoot in 2007, and those products have been deployable and reportable in ePO from soon after that – Endpoint Encryption for PCs 6.0 [...]

This week I’ve been working my way through H.R 2221 – the “Data Accountability and Trust Act” . This proposed legislation is making its way through the Committee on Energy and Commerce at the moment, and if passed, will rationalize data protection legislation across the USA at a federal level.
The act enforces a few requirements [...]

On September 23, the once-toothless HIPAA legislation grew dangerous fangs.   Previously, HIPAA requirements were enforced by audits and self certification without significant penalties. But as part of the Health Information Technology for Economic and Clinical Health (HITECH Act), which was part of the 2009 Stimulus Bill, organizations who suffer from data breaches are now required [...]

Although maybe unnoticed, a month ago Missouri finally joined that heady club called “States which have Data Privacy Laws.”
On 28th August, the “Missouri Data Breach Notification Law,” or House Bill 62, took effect. The bill may not protect, but at least enforces care and attention, residents’ personal information (Social Security Numbers, Driver’s License Numbers, and [...]

Although maybe unnoticed, a month ago Missouri finally joined that heady club called “states which have Data Privacy Laws.”
On 28th August, the “Missouri Data Breach Notification Law,” or House Bill 62 took effect, not protecting, but at least enforcing care and attention of residents personal information (Social Security Numbers, Driver’s Licence Numbers, and information which [...]

Last week, one of my colleagues asked me to comment on 45 CFR Parts 160 and 164, which for those of us who can’t remember all the code names for the various USA Federal docs, is the one in which the Department of Health and Human Services publishes its interim final rule under HIPAA and [...]

With the forthcoming release of Windows 7, questions about “Bitlocker” are coming up again.
For those of you who were around during the original release of Bitlocker, or as it was known then “Secure Startup,” you’ll remember that it was meant to completely eliminate the necessity for third party security software. Yes, Bitlocker was going to [...]

This week’s (potential) major fail goes to Apple for the iPhone 3GS security. As reported by Wired and others, it seems the new 3GS encryption touted by Apple in their “iPhone Security Overview” isn’t so secure after all.
The official description of the new feature sounds pretty good:
iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption [...]

Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest initiated by the FSA (Financial Services Authority of UK) against HSBC – On 22nd July A tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a nice 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.