Many states are making strides in protecting citizens’ information, while some states still have no laws at all. These laws dictate the handling of both electronic and paper records, disposal of data, penalties for noncompliance, and which organizations are subject to data laws. Imation, a data security company, researched data breach notification laws and associated penalties to create a “Compliance Heat Map” that shows the differences between the states.
“We created the map because our end users, customers and clients, are constantly faced with challenges of compliance,” said David Duncan, Imation’s Software & Security Solutions director, by phone Friday. Companies are seeing “explosive data growth” and state and federal requirements that mandate how they handle that data, so businesses need resources to help navigate laws, he said.
At a glance, the map shows that Virginia’s data protection laws are the strictest in the nation, while South Dakota, Kentucky, Alabama, and New Mexico have no data protection laws at all.
Through its research, Imation found that Virginia’s law outlines what should be included in a breach notification, requires that organizations notify the government and credit reporting agencies, and includes “a large financial penalty relative to other states.” Virginia also requires notification when the breached data was encrypted if the encryption keys were also stolen.
Duncan says many of Imation’s customers have written policies that help them meet government requirements but often don’t have the technology to make it happen. The company has released a number of white papers to help organizations start building plans to better protect data.
To see a large version of the map, check out Imation’s Compliance Heat Map page.