If you're interested in the state breach notification laws, then you should check out the Privacy Law Blog.
I’m going to add this to my blog roll because it provides a great deal of information.
For almost every person on earth, there is at least one fact about them stored in a computer database that an adversary could use to blackmail, discriminate against, harass, or steal the identity of him or her. I mean more than mere embarrassment or inconvenience; I mean legally cognizable harm.
The quote is from an article by Nate Anderson: “Anonymized” data really isn’t – and here’s why not.
While the card brands have been pushing to get all organizations that accept credit cards for payments to be compliant with the well-known Payment Card Industry Data Security Standard (PCI-DSS), there is still little enforcement, especially for smaller merchants. Merchants are broken down into 4 categories:
Companies that do business in the state of Nevada will soon be required by law to be PCI-DSS compliant. Nevada passed a law, which goes into effect January 1, 2010, that will make this mandatory. Of course it was mandatory before, but it seems this could add additional penalties for those that are not compliant. It should also be a strong reminder for those that keep putting this off that PCI compliance is not going away.