Compliance Heat Map Illustrates Similarities and Differences in State
Laws, with Virginia’s Being Most Strict; Laws Hint at Myriad of Data
Compliance Challenges Facing Businesses of All Sizes
OAKDALE, Minn.--(BUSINESS WIRE)--Aug. 28, 2012--
Imation Corp. (NYSE: IMN), a global scalable storage and data security
company, today released results of research into state data breach
notification laws and associated penalties. The analysis shows that
current state data breach notification laws are strikingly similar but
vary in compliance requirements for businesses, with all laws
highlighting the need for companies to deploy methods for closely
storing, protecting and controlling sensitive information. Imation used
publicly available sites (including information obtained via the National
Conference of State Legislatures) to analyze state compliance laws
in the 46 U.S. states that have such laws, as well as in Puerto Rico,
the District of Columbia and the U.S. Virgin Islands.
Imation created a “Compliance Heat Map” to depict the strictness of data
breach laws and resulting penalties for breaches. The Compliance Heat
Map provides a visual snapshot of the strictness of regulations by
state, using a color scale ranging from light yellow (less strict) to
dark red (more strict). To view the compliance heat map, visit www.imation.com/compliancemap.
“What the compliance heat map tells us is that data security needs to be
at top of mind for all IT pros, as there are rules in place for nearly
all states and territories and non-compliance could mean serious
penalties,” said David Duncan, software & security solutions marketing
director, Imation. “Yet, companies also are challenged by explosive data
growth and state and federal requirements that mandate active archiving,
long-term retention and accessibility of that data. Businesses need
resources to help navigate laws and develop secure and scalable
infrastructures for data storage and protection.”
IT pros today are responsible for managing data, which includes ensuring
security, business continuity and regulatory compliance. For small- to
mid-sized businesses, the challenge is often to meet compliance
requirements with limited resources, which leads to higher risk. In
fact, the 2011 Verizon Data Breach report found that businesses with
between 11 and 100 employees reported more than six times as many data
breaches as businesses with between 101 and 1,000 employees, according
to the website BusinessNewsDaily.
Further, the loss or theft of an unencrypted notebook, flash drive or
removable hard disk drive can expose gigabytes, or even terabytes, of
private information. IT professionals should implement strategies to
protect their data through network security, data encryption and
enforcement of information security policies, while staying
well-informed of state compliance laws in the not-unlikely event that a
data breach does occur.
Compliance Heat Map Findings
Imation’s research found most state data breach notification laws to
offer similar definitions of personally identifiable information and
requirements regarding the notification of affected parties. Among the
research’s noteworthy findings:
- Four states have yet to enact a data breach notification law: Alabama,
  Kentucky, New Mexico and South Dakota.
- According to Imation’s analysis, Virginia has the most strict law in
  the nation. The law provides specific requirements on what is to be
  included in a breach notification, requires government and credit
  reporting agency notification, and includes a large financial penalty
  relative to other states.
- A few states, including Virginia, require notification even if
  breached data is encrypted—if the encrypted data was stolen along with
  the encryption keys.
Compliance Heat Map Methodology
To conduct the research, Imation applied to the laws a series of
questions, organized to evaluate the laws’ requirements regarding
encryption, data that is within scope of the laws, notification of data
loss and destruction of data, as well as penalties for non-compliance
with the laws. Imation also considered other germane laws, such as those
dictating data destruction or allowing for consumer freezing of credit
report requests. Imation used publicly available information about the
laws, including the legislation itself.
Imation does not intend for this research to constitute a legal review
of the laws, and in no way are the results of this research intended to
be legal advice. Companies should consult with their legal counsel
before making any decisions regarding legal compliance.
For more information, please visit www.imation.com/compliancemap.
Imation is a global scalable storage and data security company. Our
portfolio includes tiered storage and security offerings for business,
and products designed to manage audio and video information in the home.
Imation reaches customers in more than 100 countries through a powerful
global distribution network and well-recognized brands. For more
information please visit www.imation.com.
Imation and the Imation logo are trademarks of Imation Corp and its
Source: Imation Corp.
Natalie Danaher, 651-704-3288
MSL for Imation
Mercedes Carrasco, 781-684-0770