Thales enables state and local government agencies to address data security and privacy laws and avoid breach disclosure
State and local government agencies in the US rely on sensitive information stored in databases and file servers to process applications that enable essential services. Almost every state has enacted government "data breach notification" laws. These laws generally require government agencies and businesses that have personal information about residents within a state to notify those residents of any unauthorized access to their information.
Thales, with its advanced data security platform, can help state and local governments comply with these laws and avoid having to undergo a costly breach notification process. The following best practices are generally required to comply with digital security laws and regulations:
Controlling access to sensitive data
Encrypting sensitive data
Monitoring and reporting user access patterns to identify potential data breaches
State Security Breach Disclosure Laws
Forty-six US states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
| State | Disclosure of Breach of Security Legislation |
|---|---|
| Alaska | Alaska Stat. § 45.48.010 et seq. |
| Arizona | Ariz. Rev. Stat. § 44-7501 |
| Arkansas | Ark. Code § 4-110-101 et seq. |
| California | Cal. Civ. Code §§ 56.06, 1785.11.2, 1798.29, 1798.82 |
| Colorado | Colo. Rev. Stat. § 6-1-716 |
| Connecticut | Conn. Gen Stat. 36a-701(b) |
| Delaware | Del. Code tit. 6, § 12B-101 et seq. |
| Florida | Fla. Stat. § 817.5681 |
| Georgia | Ga. Code §§ 10-1-910, -911 |
| Hawaii | Haw. Rev. Stat. § 487N-2 |
| Idaho | Idaho Stat. §§ 28-51-104 to 28-51-107 |
| Illinois | 815 ILCS 530/1 et seq. |
| Indiana | Ind. Code §§ 24-4.9 et seq., 4-1-11 et seq. |
| Iowa | Iowa Code § 715C.1 |
| Kansas | Kan. Stat. 50-7a01, 50-7a02 |
| Louisiana | La. Rev. Stat. § 51:3071 et seq. |
| Maine | Me. Rev. Stat. tit. 10 §§ 1347 et seq. |
| Maryland | Md. Code, Com. Law § 14-3501 et seq. |
| Massachusetts | Mass. Gen. Laws § 93H-1 et seq. |
| Michigan | Mich. Comp. Laws § 445.72 |
| Minnesota | Minn. Stat. §§ 325E.61, 325E.64 |
| Mississippi | 2010 H.B. 583 (effective July 1, 2011) |
| Missouri | Mo. Rev. Stat. § 407.1500 |
| Montana | Mont. Code §§ 30-14-1704, 2-6-504 |
| Nebraska | Neb. Rev. Stat. §§ 87-801, -802, -803, -804, -805, -806, -807 |
| Nevada | Nev. Rev. Stat. 603A.010 et seq. |
| New Hampshire | N.H. Rev. Stat. §§ 359-C:19, -C:20, -C:21 |
| New Jersey | N.J. Stat. 56:8-163 |
| New York | N.Y. Gen. Bus. Law § 899-aa |
| North Carolina | N.C. Gen. Stat § 75-65 |
| North Dakota | N.D. Cent. Code § 51-30-01 et seq. |
| Ohio | Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192 |
| Oklahoma | Okla. Stat. § 74-3113.1 and § 24-161 to -166 |
| Oregon | Oregon Rev. Stat. § 646A.600 et seq. |
| Pennsylvania | 73 Pa. Stat. § 2303 |
| Rhode Island | R.I. Gen. Laws § 11-49.2-1 et seq. |
| South Carolina | S.C. Code § 39-1-90 |
| Tennessee | Tenn. Code § 47-18-2107, 2010 S.B. 2793 |
| Texas | Tex. Bus. & Com. Code § 521.03 |
| Utah | Utah Code §§ 13-44-101, 13-44-102, 13-44-201, 13-44-202, 13-44-301 |
| Vermont | Vt. Stat. tit. 9 § 2430 et seq. |
| Virginia | Va. Code § 18.2-186.6, § 32.1-127.1:05 (effective January 1, 2011) |
| Washington | Wash. Rev. Code § 19.255.010, 42.56.590 |
| West Virginia | W.V. Code §§ 46A-2A-101 et seq. |
| Wisconsin | Wis. Stat. § 134.98 et seq. |
| Wyoming | Wyo. Stat. § 40-12-501 to -502 |
| District of Columbia | D.C. Code § 28- 3851 et seq. |
| Puerto Rico\ | 10 Laws of Puerto Rico § 4051 et. seq. |
| Virgin Islands | V.I. Code § 2208 |
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota.
Thales Access Management & Authentication and Data Protection solutions help state and local governments meet data security compliance requirements, facilitate security auditing, protect their customers, and avoid data breaches by protecting data across devices, processes, and platforms on premises and in the cloud.
Access Management & Authentication
Thales’ access management and authentication solutions provide both the security mechanisms and reporting capabilities needed by state and local government organizations to comply with data security regulations. Our solutions protect sensitive data by enforcing the appropriate access controls, when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy-driven role based access, our solutions help organizations mitigate the risk of data breach due to compromised or stolen credentials or through insider credential abuse.
Support for smart single sign on and step up authentication allows organizations to optimize convenience for end users, ensuring they only have to authenticate when needed. And extensive reporting allows organizations to produce a detailed audit trail of all access and authentication events, ensuring they can prove compliancy with a broad range of regulations.
Learn more about Thales’ Access Management & Authentication solutions.
Data Protection
Thales delivers the industry's most comprehensive and advanced data security for state and local government organizations no matter where the data is. Thales Data Protection solutions discover, classify, and protect the data through obfuscation technologies, such as encryption and tokenization, so that even if the data is stolen, it is unreadable and useless to those who steal it. Thales Data Protection solutions include:
Learn more about Thales’ Data Protection solutions.
Meet Cybersecurity Standards
With Thales data access and security solutions state and local government organizations can achieve data security and protect information from data breaches across the enterprise, in the cloud, and in big data environments. This enables these organizations to comply with worldwide standards and regulations for data security. Thales data security solutions:
The sensitive nature of much of the data held by local and central government agencies places a greater-than-average emphasis on effective cyber-security.
Authentication solutions need to be frictionless. There are a variety of authentication methods that allow organizations to employ standards-based, pluggable authentication solutions based on mission need. Stronger authentication, adopting methods with a higher Authentication...
Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...
Corporate espionage is real and set to intensify, contributing to a shift to the more efficient encryption of sensitive traffic at Layer 2. Compared to IPSec (Layer 3), Layer 2 secure encryption can boost network performance by up to 50%. This paper outlines the shift, and...