Tuesday, March 23, 2010

New Data Security Legislation for the Commonwealth

As of March 1, 2010, Massachusetts residents like me now have more protection and safety for their personal information. So what exactly changed?

Now businesses in Mass. that collect personal information such as Social Security numbers, bank or credit card account numbers, have to apply new levels of data protection. The new law applies specifically to data encryption of information stored on any back up platform, even tape. Data is now required to be encrypted if it is moved or copied or is on a mobile device like a laptop or a thumb drive. Companies are now truly responsible for protecting and encrypting personal consumer information.

My guess is that this new change to the law “201 CMR 17.00” is a direct response of the legislature to the huge theft of customer credit information that occurred in 2007 at Massachusetts retailing giant TJX. Additionally, not just companies that collect consumer information but everyone who owns or licenses personal information must have a written plan detailing the measures adopted to safeguard that information.

Here is an excerpt from press release

“Consumers should feel confident that their personal information is protected, and not exposed to loss or theft,” said Governor Deval Patrick. “These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.”

“In two years, over one million pieces of information belonging to Massachusetts residents were lost or stolen, creating stress, worry and financial inconveniences for consumers,” said Barbara Anthony, the Undersecretary of the Office of Consumer Affairs and Business Regulation. “The rules taking effect March 1 will make it less likely that personal information is exposed, and create another layer of protection for consumers.”

In reality the new requirements don’t seem terribly onerous for businesses, even small businesses with limited technical resources given some of the off-the-shelf encryption tools or backup solutions that have encryption built in.

Karl Dias

Remote Data Vault

Friday, March 19, 2010

Laptop Failure Rates

I read an interesting article that said 1 in 3 laptops die in the first three years.

The survey, conducted by a warranty services company, highlighted the following statistics: In the first 3 years of ownership, 31% of laptop owners reported a failure. Two-thirds of this failure (20.4%) came from hardware malfunctions, and one-third (10.6%) was reported as accidental damage. These findings compare quite well with the actual behavior of our users: on average, approximately 11% of our users have to do a full restore of their data each year. Over three years, that's 33% - in line with the 31% of owners reported by the survey. Another motivating statistic from our own users is almost half do a partial restore each year — mostly to recover accidentally overwritten or deleted files.

I'll bet that if you asked the average business owner or senior executive to estimate the likelihood of their computer data getting destroyed, they would assume lower number. At the end of the day, a 1 in 3 chance that you are going to lose everything on your PC or laptop is a clear indicator of the importance of online backup.