Blog  | Read about controlling and protecting your information

Data governance


Yes Virginia, Electronic Signatures Are Legal

It’s been over 11 years since President Clinton signed the Electronic Signatures in Global and National Commerce Act (ESIGN) into law in the United States, yet there are still people and businesses who question the legality of electronic signatures. This is not as crazy as it sounds, because like many things in the US, state and local laws govern many business transactions. So don’t be surprised if you are confused.

A case in point is a recent change in New York state law that affects real estate transactions.  On September 23, 2011, New York Governor Andrew Cuomo signed into law a bill that authorizes the electronic recording of documents or instruments affecting real property.  These can be digitized images of the original, executed paper instruments or electronically executed instruments.  This adds onto the existing New York state Electronic Signatures and Records Act (ESRA), which already allowed documents signed electronically to be received, accepted, recorded and stored by government entities in an electronic format.   ESRA clarified that electronic signatures are just as binding as hand-written signatures.

Read the rest of this entry »

The $4 Billion Memo

This past week an incident occurred at HP that was both embarrassing and very costly. Just before the company announced its quarterly earnings on May 17, 2011, three memos from CEO Leo Apotheker were leaked that painted a very bleak picture for the company. The memos warned of upcoming cost-cutting measures that pointed to a rough few quarters ahead. Apotheker told executives to “watch every penny and minimize all hiring” and said the firm’s current workforce plans were “unaffordable given the pressures on our business.”

The memos were leaked to news organizations that promptly reported the stories.  As a result of the information, HP’s stock price dropped 5%.  Given their market cap of around $80 billion, that’s a $4 billion oops.  Apotheker told CNBC that he would find out how the memos made their way to the media.  “It is very unfortunate that these things happen and we will try to get to the bottom of this,” Apotheker said. “But I have full confidence in the team that I am working with and we’ll continue to execute.”

Read the rest of this entry »

Data Breach and Encryption Handbook Looks at Legal Ramifications

Next week at the RSA 2011 Conference, the American Bar Association (ABA) will release its new Data Breach and Encryption Handbook.  This book looks at the growing threat of data breaches and how encryption solutions can prevent sensitive data from being compromised.  Since the book is published by the ABA, there is a lot of focus on the legal complexities and ramifications surrounding data breach notification laws and their efficacy.

The book is a compilation of chapters by prominent legal and technology experts from the ABA Section of Science & Technology Law. The authors will discuss the book’s findings during a panel at the RSA 2011 show and of course have copies for sale.

Given the complexity of the subject, I expect the discussion and solutions to be wide ranging.  Many of the laws developed in the last 10 years or so have the intention of preventing data breaches by using a stick methodology.  If you disclose confidential information, you must pay a fine.  Obviously this has worked in the case of many laws, but one of the areas of focus needs to be prevention in the first place.  Many people are concluding that prevention is cheaper than litigation.  This wasn’t always so as some organizations decided it was cheaper to fight in court than to spend the money on people, process and technology to prevent the problem from occurring.

Read the rest of this entry »

Plug Your Data Leaks from the Inside

With all the headlines about WikiLeaks and the constant barrage of data breaches, it can be hard to understand where to focus your security efforts. Most organizations have a combination of firewalls, intrusion detection systems, application proxies, virtual private network (VPN) servers and other perimeter defenses geared to keep people out.

That’s important, but according to the 2010 Verizon Data Breach Report, most data breaches are caused by people already on the inside.  Almost 50% are existing employees stealing confidential information.  The main motivation is money, revenge or harming your organization in some way.

Read the rest of this entry »

You Are Not Doing Enough to Protect Your Data and Records

Organizations significantly invest in protecting networks, but are they doing enough to protect their data and records?

Almost every day there are announcements about significant data breaches, the most recent being the current WikiLeaks episode. For years organizations have invested more and more in technology to protect their networks (both externally and internally) as well as for spam protection. Of course this is important and is the right thing to do. You certainly want to keep people from being able to access and manipulate your network; however, there is a chicken and egg syndrome here. In most cases, the reason internal or external people want to breach the network is to access important data/records. So it makes sense to put as much focus on protecting the actual data/records as on protecting your network access.

Read the rest of this entry »