Tuesday, September 23, 2008

Casinos take their security seriously? If so, who wrote this law? Who cares why, will any multi-state businesses comply? (Enforcement will likely be based on breach disclosures...) Some of the pitfalls are explored in the comments.

http://yro.slashdot.org/article.pl?sid=08/09/22/190256&from=rss

Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st

Posted by Soulskill on Monday September 22, @03:53PM from the wouldn't-bet-on-it dept.

dtothes writes

"Baseline is reporting the state of Nevada has a statute about to go in effect on October 1, 2008 that will force businesses to encrypt all personally identifiable information transmitted over the Internet. They speak with a Nevada legal expert who says the problem is that the statute is written so broadly that the law could potentially open up a ton of unintentional liability and allow for the interpretation of things like password-protected documents to be considered sufficiently encrypted. Quoting: 'Beyond the infrastructure impact, the statute itself looks like Swiss cheese. Bryce K. Earl, a Las Vegas-based attorney, ... has been following the issue closely and believes there are some problems with the statute as it is on the books right now, namely the broad definition of encryption, the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil.'"

[From the article:]

The statute was signed into law in 2005 and is about to kick in as an enforceable law next month. Three years flies when you're raking in chips at casinos and enjoying the rising popularity of poker.



Laws & regulations are increasingly forcing “Best Practice” security on organizations.

http://www.pogowasright.org/article.php?story=20080923053741621

MA: Tougher consumer data rule adopted

Tuesday, September 23 2008 @ 05:37 AM EDT Contributed by: PrivacyNews

In the wake of a series of alarming data breaches, placing hundreds of thousands of Massachusetts consumers at risk of identity theft, state regulators released new rules yesterday ordering businesses to better safeguard consumers' personal information.

The regulations, issued by the Massachusetts Office of Consumer Affairs and Business Regulation, require companies that handle personal information such as credit card accounts and Social Security numbers to encrypt data stored on laptops, monitor employee access to data, and take other steps to protect customer information, beginning Jan. 1. Governor Deval Patrick also signed an executive order requiring state agencies to take similar measures.

Source - Boston Globe

[From the article:]

The full regulations are online at www.mass.gov/oca.

[I think it's this one: http://www.mass.gov/?pageID=ocamodulechunk&L=1&L0=Home&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca]



A much more ambitious approach... How will KISA know the sites you have 'subscribed' to? Will all website operators be required to provide that information? How will they enforce the requirement? Could you identify all the sites you have ever subscribed to?

http://www.pogowasright.org/article.php?story=20080923054123539

Kr: Users May Delete Their Info at Suspicious Web Sites

Tuesday, September 23 2008 @ 05:41 AM EDT Contributed by: PrivacyNews

Internet users will be allowed to erase data about themselves at Web sites that they believe are abusing their personal information, the Korea Communications Commission (KCC) said Tuesday.

The state-run Korea Information Security Agency (KISA) will provide a section in its Web page (http://p-clean.kisa.or.kr) that will provide users with a list of Internet sites they have subscribed to and allow them to pick sites they want their personal information deleted from. KISA will later provide an update on the termination process and confirmation after about four weeks.

Source - The Korea Times



Obvious but difficult?

http://news.slashdot.org/article.pl?sid=08/09/22/2254228&from=rss

Stanford Teaching MBAs How To Fight Open Source

Posted by timothy on Monday September 22, @07:43PM from the then-they-fight-you dept.

mjasay writes

"As if the proprietary software world needed any help, two business professors from Harvard and Stanford have combined to publish 'Divide and Conquer: Competing with Free Technology Under Network Effects,' a research paper dedicated to helping business executives fight the onslaught of open source software. The professors advise 'the commercial vendor ... to bring its product to market first, to judiciously improve its product features, to keep its product "closed" so the open source product cannot tap into the network already built by the commercial product, and to segment the market so it can take advantage of a divide-and-conquer strategy.' The professors also suggest that 'embrace and extend' is a great model for when the open source product gets to market first. Glad to see that $48,921 that Stanford MBAs pay being put to good use. Having said that, such research is perhaps a great, market-driven indication that open source is having a serious effect on proprietary technology vendors."



Wish I was in this group...

http://news.cnet.com/8301-17939_109-10048448-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Confirmed: The blogosphere is mainstream

Posted by Dan Farber September 22, 2008 9:23 PM PDT

With nearly 1,000,000 posts a day, the blogosphere is overflowing with content and now fully established as a mainstream rather than fringe phenomenon. Traditional media have adopted blogs as a complementary form of content to the traditional news and feature stories. According to Technorati's latest report on the state of the blogosphere, many bloggers are making money. Technorati surveyed a sample of about 1,000 bloggers and found that the mean annual revenue for advertising is $6,000, but sites with 100,000 or more unique visitors are generating more than $75,000 in revenue.
