Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up
The Business of IT
F E A T U R E  
Feds Reach Out and Touch IT

  July 10, 2003
  By Sean Doherty


>> continued from previous page

With 1386, California Leads the Way

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author
 
  In this article
arrow
Introduction
arrow
All in the Implementation
arrow
Gramm-Leach-Bliley
arrow
Whip Out the Crystal Ball
arrow
HIPAA
arrow
An Open Door Policy
arrow
Sarbanes-Oxley
arrow
Executive Summary
arrow
Law vs. Regulation
arrow
FYI
arrow
With 1386, California Leads the Way
arrow
Hospitals Get HIPAA
arrow
Web Links
arrow
Epoll Results

In most states accountability does not go back to the original source: the patient or customer. Neither GLBA nor HIPAA require enterprises to inform customers if their personal or private information is compromised, and there is no comprehensive federal law protecting privacy in the United States. Such laws have generally fallen to the states.

Some states have responded, with common law providing remedies for intrusions into the private affairs of their citizens and protecting their private facts from public disclosure. Other states continue to be at the forefront of protecting privacy.

California signed SB 1386 into law in 2002, and it became effective on July 1, 2003. SB 1386 protects California citizens' personal information, including social security, driver's license, credit card and financial account numbers. SB 1386 requires any state agency, person, or business with computerized data that includes unencrypted personal data of a California citizen to disclose breaches in security that compromise that information. The law requires the disclosure to be made as speedily as possible, and any company--regardless of location--that does business with California citizens is affected.

Many people will be watching to see if this law will hold up in court and how it will be enforced by the state attorney general. For example, the law is not precise in regard to what security breaches may trigger the notification requirement, and it is also vague as to the time frame to send the notification.

But don't be shortsighted. Look into encrypting private information in your databases and files. It makes good business sense, and your customers will be more confident in their relationship with you. Besides, we predict that the federal government will follow California's lead because if it does not, enterprises may face a patchwork of 50 different state laws. That would be bad for business. And at the very least, 1386 shows that one state recognizes who owns personal information and who should be informed when it is compromised.


start top   FYI Hospitals Get HIPAA 

Research and Reports

Hypervisor Derby
August 2011

Network Computing: August 2011

TechWeb Careers