State and Local Government
State and local government agencies in the US rely on sensitive information stored in databases and file servers to process applications that enable essential services. Almost every state has enacted government "data breach notification" laws. These laws generally require government agencies and businesses that have personal information about residents within a state to notify those residents of any unauthorized access to their information.
Thales, with its advanced data security platform, can help you comply with these laws and avoid having to undergo a costly breach notification process. Among the Best-practices for security compliance generally require:
- Limiting access to sensitive data
- Encrypting sensitive data
- Monitoring and reporting user access patterns to identify potential data breaches
- Challenges
- Solutions
- Benefits
State Security Breach Disclosure Laws
Forty-six US states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
| State | Disclosure of Breach of Security Legislation |
|---|---|
| Alaska | Alaska Stat. § 45.48.010 et seq. |
| Arizona | Ariz. Rev. Stat. § 44-7501 |
| Arkansas | Ark. Code § 4-110-101 et seq. |
| California | Cal. Civ. Code §§ 56.06, 1785.11.2, 1798.29, 1798.82 |
| Colorado | Colo. Rev. Stat. § 6-1-716 |
| Connecticut | Conn. Gen Stat. 36a-701(b) |
| Delaware | Del. Code tit. 6, § 12B-101 et seq. |
| Florida | Fla. Stat. § 817.5681 |
| Georgia | Ga. Code §§ 10-1-910, -911 |
| Hawaii | Haw. Rev. Stat. § 487N-2 |
| Idaho | Idaho Stat. §§ 28-51-104 to 28-51-107 |
| Illinois | 815 ILCS 530/1 et seq. |
| Indiana | Ind. Code §§ 24-4.9 et seq., 4-1-11 et seq. |
| Iowa | Iowa Code § 715C.1 |
| Kansas | Kan. Stat. 50-7a01, 50-7a02 |
| Louisiana | La. Rev. Stat. § 51:3071 et seq. |
| Maine | Me. Rev. Stat. tit. 10 §§ 1347 et seq. |
| Maryland | Md. Code, Com. Law § 14-3501 et seq. |
| Massachusetts | Mass. Gen. Laws § 93H-1 et seq. |
| Michigan | Mich. Comp. Laws § 445.72 |
| Minnesota | Minn. Stat. §§ 325E.61, 325E.64 |
| Mississippi | 2010 H.B. 583 (effective July 1, 2011) |
| Missouri | Mo. Rev. Stat. § 407.1500 |
| Montana | Mont. Code §§ 30-14-1704, 2-6-504 |
| Nebraska | Neb. Rev. Stat. §§ 87-801, -802, -803, -804, -805, -806, -807 |
| Nevada | Nev. Rev. Stat. 603A.010 et seq. |
| New Hampshire | N.H. Rev. Stat. §§ 359-C:19, -C:20, -C:21 |
| New Jersey | N.J. Stat. 56:8-163 |
| New York | N.Y. Gen. Bus. Law § 899-aa |
| North Carolina | N.C. Gen. Stat § 75-65 |
| North Dakota | N.D. Cent. Code § 51-30-01 et seq. |
| Ohio | Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192 |
| Oklahoma | Okla. Stat. § 74-3113.1 and § 24-161 to -166 |
| Oregon | Oregon Rev. Stat. § 646A.600 et seq. |
| Pennsylvania | 73 Pa. Stat. § 2303 |
| Rhode Island | R.I. Gen. Laws § 11-49.2-1 et seq. |
| South Carolina | S.C. Code § 39-1-90 |
| Tennessee | Tenn. Code § 47-18-2107, 2010 S.B. 2793 |
| Texas | Tex. Bus. & Com. Code § 521.03 |
| Utah | Utah Code §§ 13-44-101, 13-44-102, 13-44-201, 13-44-202, 13-44-301 |
| Vermont | Vt. Stat. tit. 9 § 2430 et seq. |
| Virginia | Va. Code § 18.2-186.6, § 32.1-127.1:05 (effective January 1, 2011) |
| Washington | Wash. Rev. Code § 19.255.010, 42.56.590 |
| West Virginia | W.V. Code §§ 46A-2A-101 et seq. |
| Wisconsin | Wis. Stat. § 134.98 et seq. |
| Wyoming | Wyo. Stat. § 40-12-501 to -502 |
| District of Columbia | D.C. Code § 28- 3851 et seq. |
| Puerto Rico\ | 10 Laws of Puerto Rico § 4051 et. seq. |
| Virgin Islands | V.I. Code § 2208 |
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota.
Limiting Access to Sensitive Data
The Vormetric Data Security Manager (DSM) from Thales can enforce strong separation of duties by requiring the assignment of key and policy management to more than one data security administrator. In this manner, no one person has complete control over security activities, encryption keys, or administration. In addition, the DSM supports two-factor authentication for administrative access.
Encrypting Sensitive Data
- Vormetric Transparent Encryption protects the environment at the OS and file system level with encryption, access controls and security intelligence information required for compliance and protection for malicious insiders and advanced malware such as advanced persistent threats (APTs).
- Vormetric Application Encryption enables organizations to easily build encryption capabilities into internal applications at the field and column level.
Monitoring and Reporting User Access Patterns to Identify Potential Data Breaches
The Vormetric Data Security Platform produces detailed security event logs that are easy to integrate with SIEM systems to produce compliance and security reports. These security information logs produce an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities. These security information logs can report unusual or improper data access and accelerate the detection of insider threats, hackers and the presence of advanced persistent threats (APT) that are inside the perimeter security.
Quick to Install
Thales can work with you to install its Vormetric Data Security solutions in weeks rather than months. Thales solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).
Easy to Use
Vormetric Data Security makes it simple to solve security and compliance concerns by simultaneously protecting data in databases, files and Big Data nodes across public, private, hybrid clouds and traditional infrastructures. Central management of the entire data security platform makes it easy to extend data security protection and satisfy compliance requirements across the entire enterprise, growing as required, without adding new hardware or increasing operational burdens.
Won’t Hurt System Performance
Customers typically report no perceptible impact to end-user experience when using Thales solutions. Vormetric Transparent Encryption performs encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.