To date, 44 states in the United States, as well as the District of Columbia, Puerto Rico and the Virgin Islands, have enacted legislation requiring immediate public notification of security breaches involving stolen, lost, or compromised personal data. State laws vary, but they all require the same action if a security breach befalls your organization: you must promptly report the breach to every impacted customer.
While notifying your customers can be expensive and uncomfortable, not to mention the harm a breach will do to your company's reputation, many state laws carry a civil or criminal penalty if your company fails to notify customers within the appointed time period. (See what the laws are in states where you conduct business.)
There is, however, a way to avoid notification if a breach occurs, saving your business money and embarrassment. Most state laws provide a "safe harbor" exemption, whereby notification is NOT required if a data breach occurs and the data has been sufficiently encrypted.
Companies using SecureZIP® would be eligible for safe harbor exemptions where applicable. SecureZIP, used by over 25,000 companies worldwide, including 60 percent of the Fortune 100, is an industry-leading family of data security and data management applications. The solutions greatly reduce transmission times and storage requirements, while protecting data in use, in transit, and at rest with strong encryption.
SecureZIP allows you to exchange data securely across all major computing platforms, including mainframe, midrange, server, and desktop systems. It supports X.509 digital certificates, passphrases, or both at the same time, plus digital signing for data integrity, providing flexible security that meets varying requirements within different business environments.
While many state security breach notification laws do not require businesses to encrypt personal information, it's widely recognized that the proactive encryption of data is prudent. Encryption, with a solution like SecureZIP, strongly safeguards personal information and qualifies companies for safe harbor exemptions, where allowed by state law.