|
Fifty-two million Americans had their personal information breached during 2005. Hacking accounted for 50% of the incidents, while stolen or lost devices accounted for 25% of the incidents. Lost tapes, insider employee actions, and other miscellaneous issues rounded out the remaining 25%.
The enactment of legislation across multiple states without consistent standards for definitions of “personal information”, “breach”, “encryption”, and “potential risk” has brought confusion to organizations seeking compliance with the requirements of these individual state laws.
VigilantMinds offers numerous strategic and tactical services for organizations in need.
Strategic solutions include:
Intrusion Detection / Prevention – Monitoring and intrusion prevention solutions for systems that store or transmit personal data. VigilantMinds may suggest improved network design to better protect these systems. Our vendor agnostic solution leverages your existing technology, allowing for future growth.
Enterprise Security Assessments – Identify and mitigate vulnerable network configurations before they can be exploited by intruders to gain sensitive information. This comprehensive assessment provides a posture overview of your organization to prioritize remediation and can be tailored around personal information associated with security breaches.
Policy Development – Establish your policies regarding personal information, including sanitization, destruction, protection, and encryption, as well as tailored mitigation steps should a breach occur. VigilantMinds will work with you to develop policies and policy governance procedures to match current legislation and best practices affecting your organization.
VigilantMinds also offers key tactical services that include:
Digital forensics – Discover and preserve vital information that can identify intruders once an event has occurred. VigilantMinds uses best of breed technology and a trained digital forensics team to investigate breaches and preserve necessary evidence.
Professional Consultation – professional consultants are available to perform emergency mitigation work, policy creation and enforcement, network redesign and critical system hardening in the aftermath of a security breach.
|
Varied State Laws
The enactment of legislation across multiple states without consistent standards for definitions of “personal information”, “breach”, “encryption”, and “potential risk” has brought confusion to organizations seeking compliance with the requirements of these individual state laws.
Arkansas Code Title 4 Subtitle 7 Chapter 110
California Civil Code Section 1798.29
California Civil Code Section 1798.82 and 1798.84
Connecticut Public Act 05-148
Delaware Title 6 Subtitle II Chapter 12B
Florida Statutes Title XLVI Chapter 817 Section 568
Georgia Code Title 10 Chapter 1 Section 910-912
Illinois 815 ILCS 530
Indiana Code Title 4 Article 1 Chapter 11
Louisiana Revised Statutes Chapter 51 Title 51 Section 3071-3077
Maine Revised Statute Title 10 Chapter 210-B
Minnesota Statute Chapter 325E.61
Montana Code Title 31 Chapter 3 Section 115
Nevada Revised Statutes Title 52
New Jersey P.L. 2005 Chapter 226
New York Chapter 442
North Carolina Session Law 2005-414
North Dakota Century Code Chapter 51-30
Ohio Revised Code Title 13 Chapter 1347
Pennsylvania Act 2005-94
Rhode Island General Law Title 11 Section 49.2
Tennessee Code Title 47 Chapter 18 Part 21
Texas Code Title 4 Chapter 48
Washington Revised Code of Washington Title 19 Chapter 255 Section 010
|
