If it's encrypted its secure! the viability of US state-based encryption exemptions

International Symposium on Technology and Society, Proceedings

Volumn , Issue , 2010, Pages 96-102

  Burdon, Mark ^a   Low, Rouhshi ^a   Reid, Jason ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

AUSTRALIAN LAW REFORM COMMISSION; DATA BREACHES; GOVERNMENT FAILURES; PERSONAL INFORMATION; POTENTIAL CAPABILITY; STATE LEGISLATURES; STATE-BASED;

LAWS AND LEGISLATION; NETWORK SECURITY; TECHNOLOGY;

CRYPTOGRAPHY;

EID: 77955686873     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISTAS.2010.5514647     Document Type: Conference Paper

References (46)

1. L. Rode, "Database Security Breach Notification Statutes: Does Placing the Responsibility on the True Victim Increase Data Security?," Houston Law Review, vol.43, p. 1597, 2007.
2. T. H. Skinner, "California's Database Breach Notification Security Act: The First State Breach Notification Law is Not Yet a Suitable Template for National Identity Theft Legislation," Richmond Journal of Law & Technology, vol.10, 2003.
3. T. J. Smedinghoff, "The New Law of Information Security: What Companies Need to Do Now," Computer and Internet Lawyer, vol.22, p. 9, Nov 2005 2005.
4. P. M. Schwartz and E. J. Janger, "Notification of Data Security Breaches," Michigan Law Review, vol.105, pp. 913-984, 2007.
5. Privacy Rights Clearinghouse. (2009, 21 March). A Chronology of Data Breaches. Available: http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP.
6. F. H. Cate. (2008, Information Security Breaches: Looking Back and Thinking Ahead. Available: http://www.hunton.com/files/tbl-s47Details/ FileUpload265/2308/Information-Security-Breaches-Cate.pdf.
7. F. J. Garcia, "Data Protection, Breach Notification, and the Interplay between State and Federal Law: The Experiments Need More Time," Fordham Intellectual Property, Media & Entertainment Law Journal, vol.17, pp. 693-727, 2007.
8. B. St. Amant, "Misplaced Role of Identity Theft in Triggering Public Notice of Database Breaches," Harvard Journal on Legislation, vol.44, pp. 505- 528, 2007.
9. K. E. Picanso, "Protecting Information Security Under a Uniform Data Breach Notification Law," Fordham Law Review, vol.75, pp. 355-390, 2006.
10. S. Lee, "Breach notification laws: Notification requirements and data safeguarding now apply to everyone, including entrepreneurs," Entrepreneurial Business Law Journal, vol.1, pp. 125-, 2006.
11. Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice. Canberra: Law Reform Commission, 2008.
12. M. E. Jones, "Data Breaches: Recent Developments in the Public and Private Sectors," I/S: A Journal of Law and Policy for the Information Society, vol.3, pp. 555-580, 2007.
13. M. E. Whitman and H. J. Mattord, Principles of Information Security, 2nd ed. Australia: Thomson Course Technology, 2005.
14. Open Security Foundation. (2009, 19 August). Dataloss Statistics. Available: http://datalossdb.org/statistics.
15. D.C. CODE ANN. § 28-3851 (2007).
16. WYO. STAT. ANN. §§ 40-12-501 (Michie 2007).
17. CAL. CIV. CODE (West 2003).
18. COLO. REV. STAT. § 6-1-716.
19. ALASKA STAT. § 45.48.010 (Michie 2009).
20. CONN. GEN. STAT. § 36a-701b (2006).
21. MINN. STAT. § 325E.61 (2006).
22. S.C. CODE ANN. § 39-1-90 (Law Co-op 2009).
23. UTAH CODE ANN. §§ 13-42-101 (2006).
24. N.C. GEN. STAT. §§ 75-160 (2005).
25. IOWA CODE § 715C.1 (2008).
26. OR. REV. STAT. § 646A.600 (2007).
27. OHIO REV. CODE ANN. § 1349.19 (West 2005).
28. IND. CODE §§ 24-4.9-3-11 (2006).
29. N.H. REV. STAT. ANN. §§ 359-C:19 (2007).
30. MASS. GEN. LAWS 93H §1 (2007).
31. ME. REV. STAT. ANN. 10, §§ 210-B-1346 (West 2007).
32. M. Kirkpatrick. (2006, 6 October). Metaverse Breached: Second Life Customer Database Hacked. Available: http://www.techcrunch.com/2006/09/08/ metaversebreached-second-life-customer-database-hacked/.
33. I. Linden. (2006, 6 October). Security Breach Update. Available: https://blogs.secondlife.com/community/feature s/blog/2006/09/22/security- breach-update.
34. J. Lo and Office of the Privacy Commissioner Canada. (2008, 6 October). Second Life: Privacy in Virtual Worlds. Available: http://www.priv.gc.ca/ information/pub/sl-080411-e.cfm#sec3371.
35. Open Security Foundation. (2009, 19 August). Dataloss DB. Available: http://datalossdb.org/about.
36. Open Security Foundation. (2009, 19 August). Primary Sources: Voxant Data Breach. Available: http://datalossdb.org/primary-sources/1220.
37. Open Security Foundation. (2009, 19 August). Primary Sources: Canadian Standards Association Data Breach. Available: http://datalossdb.org/primary- sources/270.
38. Open Security Foundation. (2009, 19 August). Primary Sources: Rochester Institute of Technology Data Breach. Available: http://datalossdb.org/primary- sources/1206.
39. G. Berg, et al., "Analyzing the TJ Maxx Data Security Fiasco: Lessons for Auditors," The CPA Journal, vol.78, p. 34, 2008.
40. J. Pereira, "Breaking The Code: How Credit-Card Data Went Out Wireless Door --- In Biggest Known Theft, Retailer's Weak Security Lost Millions of Numbers," in The Wall Street Journal, ed. New York: Dow Jones & Company, 2007, p. A1.
41. R. Kerber, "TJX Reaches $40m settlement with Visa Over Data Breach," in Boston Globe, ed, 2007.
42. A. Gonsalves. (2009, 12 October). Hacker Pleads Guilty In Major Identify Theft Available: http://www.informationweek.com/news/security/ intrusionprevention/showArticle.jhtml?articleID=220000036.
43. J. Winn, "Are 'Better' Security Breach Notification Laws Possible?," Berkeley Technology Law Journal, Vol.24, 2009, 2009.
44. T. J. Smedinghoff, "The Developing U.S. legal Standard for Cybersecurity," Sedona Conference Journal, vol.4, pp. 109-120, Fall 2003.
45. T. J. Smedinghoff, "Trends in the Law of Information Security," Intellectual Property & Technology Law Journal, vol.17, p. 1(5), 2005.
46. California Office of Privacy Protection, "Recommended Practices on Notice of Security Breach Involving Personal Information," California Office of Privacy Protection May 2008.