Definition of SB1386
What is SB 1386?
SB 1386 is an existing law that regulates the maintenance and dissemination of personal information by state agencies, as defined, and requires each agency to keep an accurate account of disclosures made pursuant to specified provisions.
|
|
SB1386
Compliance and Risk Management: SB-1386
In a compliance environment that contains overlapping, inconsistent, sometimes untested and often contradictory laws and regulations, organizations must increasingly turn to best practice solutions that will simultaneously combat their real-world information threats while helping them meet regulatory requirements. ISO 17799 is one such best practice framework and Cisco's Self Defending Network provides the first line of corporate defense, because it is the foundation for the organization's data, applications and business processes-all of which must be protected if SB-1386 compliance is to be achieved.
Read the Article
|
SB 1386: How California Wants to Keep Your Secrets
The law, in effect as of July 1, 2003, applies only to Californians, though Americans around the country may reap benefits. It can be extremely expensive and time consuming for companies to sift through customer lists and pull out only those in a specific geographical region, so if a breach occurs, many companies have elected to notify any customer whose information may have been stolen.
Read the Article
|
California S.B. 1386 Whitepaper
This personal information privacy law requires any organization (state agency, person or business) conducting business in California and processing personal information for California residents to disclose any information security breach to California residents whose unencrypted personal information was obtained by an unauthorized person.
Read the Article
|
SB 1386 Bill
This bill requires a business or a State agency that maintains computerized data that includes specified personal information to disclose any breach of the security of that data to any California resident whose unencrypted personal information was, or is reasonably believed to have been,acquired by an unauthorized person. By giving consumers such notice, the bill gives them the opportunity to take proactive steps to ensure that they do not become victims of identity theft.
Read the Article
|
Case Study: One Companys Response to the California Identity Theft Law
The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data. The convergence of these events set the stage for risk mitigation and remediation efforts by the CISO's office, for which I was the assigned lead in my new role of Deputy CISO. This case study tells the story of how our company dealt with these twin challenges, of suffering the theft of some confidential client data, at the same time a new law was enacted that set compliance-goals to protect consumers. An inventory and assessment of over 100 application environments categorized the risk factors emanating from various tiers: Back-end servers, middle-tier (including network) systems, client-tier systems and business-risk. Risks were methodically identified in this fashion and vetted by stakeholders, along with proposed mitigation and remediation actions.
Read the Article
|
|
|
Members currently browsing this category:
|
|
