This story is a bit US-centric, but I suspect it’s only a matter of time until the same issue pops up in Canada and in other countries. The state of Massachusetts in the US has passed a law requiring ANYONE storing or transmitting Personally Identifiable Information about its residents to encrypt and protect that information. The fines for failing to do so are substantial. This is interesting because this law seeks to reach beyond the borders of the state. It will be interesting to see how this plays out in the courts over time. In any case, the growing problem of identity theft is likely to spawn similar laws around the world.
If you have clients who redact data from PDF documents before sending them, they should know that the “redacted” data may still be visible.
In another round of the ever-escalating “armor vs. ordnance” malware battle, some malicious websites are now able to detect search engine “bots” and hide the malware from them. Detecting malware on websites is a priority for Google and Firefox, who use APIs to blacklist malicious sites.
On another front of that same battle, fake malware vendors are gaining ground and the legitimate AV products are having more difficulty detecting the “rogues”.
Breaches are going to happen. Here is an example of what a responsible dissemination of information looks like. Sadly, you rarely see this sort of transparency.
Dennis H in West Virginia, US
April 28, 2010