California Data Privacy Laws: Is Compliance Good Enough?

Presented by

Chris Merritt, Lumension

About this talk

California SB 1386, which went into effect in July 2003, is the granddaddy of all state data protection laws. It requires that businesses protect customers’ personal information and provide notification if there is a security breach which reveals these data to unauthorized people. Since this California law was passed, 50 of 55 States and Territories have followed suit, enacting some sort of data protection and/or breach notification law. And not all of these laws apply only within State boundaries; for instance, the Massachusetts data protection law (201 CMR 17.00) applies to every organization which obtains personal information on residents of the Commonwealth.

In addition to these state laws, there are today numerous federal data privacy, data protection and data breach notification regulations which impact specific industries – such as those included in the HIPAA / HITECH Acts in the healthcare arena. And on top of this, there are industry-specific regulations which apply – such as those in PCI-DSS which impact every organization which takes credit cards. As a result, we are left with a patchwork of confusing and sometimes contradictory statutes and regulations which impact almost every business in the US.

By attending this webcast, you will learn:

• What statutes and regulations apply to California businesses which collect customer data
• What other regulatory requirements might be coming down the pike
• Why it’s important to leave the “compliance state of mind”
• How to look beyond the letter of the law and how to implement recommended tools and processes for an effective IT risk management program

This channel provides live and on-demand webcasts on a range of Endpoint Management and Security topics, including: identifying the latest trends and best practices for minimizing insider risks, reducing your threat exposure, managing Web 2.0 threats, reducing your cost of compliance and taking control of your endpoints, from both an operational and security perspective.