Secure Information Exchange - Whether It’s Data in Motion or at Rest

Industry and Government Work Together to Ensure Security and Privacy of Data

By Greg Hoffer

The New Year marked an important milestone in our national history. For the first time, we’re seeing a state turn commercial industry standards for data security and privacy into law.

Nevada’s new privacy legislation, which took effect on January 1, requires government agencies and companies that conduct business in the state and accept payment cards to comply entirely with the Payment Card Industry Data Security Standard (PCI DSS). Those agencies and companies that do not accept payment cards cannot electronically transmit customers’ personal information nor move data storage devices containing customer data outside of the business unless the transmission or data storage device is encrypted. In the statute, another well-known industry standards organization, the National Institute of Standards and Technology (NIST), is used to define acceptable encryption practices.

Security standards put forth by organizations such as PCI and NIST have long been leveraged, independently, by both public and private industry in the U.S. to mitigate the inherent risk posed by electronically transferring sensitive data inside and outside of an organization, and in storing it once it reaches its destination. Updated regularly and crafted by some of the world’s leading information security experts, such industry standards represent a necessary baseline for any organization to improve its overall security procedures. These standards are an excellent place for lawmakers to start when forming meaningful cyber security legislation that protects U.S. citizens, or anyone who does business within the U.S.

While it’s not surprising, it is disappointing that it has taken this long for commercial data security and privacy standards to make their way into public policy. Why haven’t local, state and the Federal governments taken swifter action in protecting their citizens from data breaches? After all, widely publicized breaches like Heartland or, more recently, Google’s China-based attack (or the many less publicized breaches) have become all too commonplace. They emphasize the risk that all organizations that house or deal with sensitive information face in protecting their digital assets, and serve as a reminder of the profound vulnerability our entire nation faces in protecting the security and privacy of its citizens.

I laud the recent actions of the Nevada State Government in pioneering a security partnership between government and industry. Such actions set a poignant example of how we can work together to protect the sensitive information of citizens. More states — not to mention the Federal government — must follow this example if we are to improve our overall national cyber security procedures.

10 Comments »

  The differences in the society « Riaz’s Blog wrote @ January 25th, 2010 at 10:08 pm

[...] sector. While mandates like SOX, HIPAA and PCI helped create standards within certain industries, few global infosecurity standards and regulations govern how sensitive enterprise data is transferre…. In the absence of comprehensive guidelines, business and IT leaders are left to their own devices [...]

[...] leading information security professionals and experts recognize that the public and private sectors must work together more effectively if we are going to truly build a more secure digital world. This week we saw [...]

  PCBA Assembly wrote @ August 30th, 2010 at 2:21 am

I also laud the actions of the Nevada State Government in pioneering a security partnership between government and industry, lest we rely upon outdated measures that offer insufficient protection for our value assets.

  gusev wrote @ November 19th, 2010 at 3:57 am

RSA 2010 your review is great.

  Pandora wrote @ December 9th, 2010 at 1:00 am

Many, many times. You know it well. Every marketing guru has spoken about this topic. I’m sick of hearing it. But it STILL bears repeating.

  chiang mai travel wrote @ January 4th, 2011 at 9:41 pm

This is a nice post. I have gained some useful information from this site. Thanks for sharing this information.

  Houston Plumbing wrote @ January 12th, 2011 at 9:43 am

Here we are, an entire year after this article was originally written, and still facing the same unresolved problems. With the new Republican-ruled government in D.C. what kind of attention and support do you think our sector will receive in 2011? Changes for the good? For the bad? Or even worse- no changes at all?

  chiang Dao travel wrote @ January 24th, 2011 at 1:17 am

I think that your article is useful to me. It gives me to understand very much.

  SarahShuck wrote @ February 22nd, 2011 at 1:29 am

Information Privacy is an International concern. Today, most countries have laws protecting personal data from misuse and destruction. Regulation and enforcement of data protection varies from country to country.
BR, Sarah Shuck, Job Consultant from resignation letter format