CREDANT Data Compliance Labs
Over 45 state governments have enacted corporate data breach notification laws, and many states also mandate encryption of sensitive customer data. In addition to these state data protection initiatives and other industry-specific compliance regulations, the American Recovery & Reinvestment Act (ARRA) of 2009 (the Stimulus Act) imposes additional data breach notification requirements on certain types of organizations, notably those handling protected health information under its HITECH provisions.
These laws apply to personal information on PCs as well as portable devices such as laptops, smartphones and USB memory sticks that have been lost or stolen.
Non-Compliance: A Risk Companies Can't Afford
Penalties for failing to comply with a data protection mandate can be severe: punitive fines, adverse publicity and damage to customer relationships. Today, a data breach that compromises customer information can result in more than bad headlines; it can end in bankruptcy.
However, if your organization can prove that the personal information on the lost or stolen device was properly encrypted, damages can be contained and notification is often not required. Most state statutes provide a safe harbor for encrypted data, typically on the condition that the encryption key was not compromised along with the device, so audit records showing that encryption was actually enforced on that device are what make the safe harbor usable. Companies that meet federal requirements such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Security Management Act (FISMA) frequently satisfy state-level requirements as well.
CREDANT Data Compliance Labs (CDCL) conducts ongoing research and education on strong, auditable security for data wherever it resides, with the aim of managing risk, protecting sensitive data and enabling cost-effective compliance. Implemented correctly, data security lets technology investments grow revenue and improve daily operations as intended while keeping sensitive data compliant.