The states that don’t protect your data

The security of personal information is paramount to all US citizens. However, with so many activities now involving the transfer of personal data, what guaranteed safeguards are there to ensure that your information is safe, and how do you know if it isn’t? If you collect, use or transfer personal data yourself, how do you maintain its security and, with it, customer confidence?

US data breach notification laws

There is no single federal law regulating the use of personal data in the United States. Numerous bills have been introduced in Congress over the years to establish a national standard for data security, but none has yet been passed. Instead, citizens must rely on the many – often contradictory – state laws.

The first security breach notification law in the US, California’s Security Breach Information Act (SB 1386), became operative on July 1, 2003. It requires agencies, persons or businesses that own or license computerized personal information to give notice to residents of California if their unencrypted personal information has been, or is reasonably believed to have been, acquired by an unauthorized person. All organizations that use Californian citizens’ data must comply. Compliance, however, is relatively straightforward: encrypted data isn’t covered, so the easiest way to ensure compliance is to encrypt all data.

47 of the 50 states have now introduced their own data breach notification laws – each with its own requirements – and only Alabama, New Mexico and South Dakota don’t have comparable legislation. The need for a single federal law to provide a nationwide approach to tackling information security breaches remains strong. In the meantime, the best way to ensure the security of any data you hold or process is to introduce an Information Security Management System (ISMS) based on the international best-practice Standard ISO 27001. ISO 27001 provides a holistic approach to information security for US businesses.

Find out more about how ISO 27001 can help you by downloading our free green paper, Information Security and ISO 27001.