Thomas, Legislative Information on the Internet
To help IT comply with new regulations, the government is drawing up guidelines in the form of three Federal Information Processing Standard drafts. The first, FIPS 199, aims to help enterprises classify risks as low, moderate or high for three security objectives: confidentiality, integrity and availability. You can find the draft at csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf; NIST is accepting public comments on the matter until August 14, 2003 (see csrc.nist.gov/publications/drafts/FIPS199-FRnotice.pdf). For the second piece of the series, NIST will offer guidelines to help agencies identify the types of information and information system appropriate for each category of data. For the third, NIST plans to specify the minimum sets of security controls for each defined category of information and information system.
In most states accountability does not go back to the original source: the patient or customer. Neither GLBA nor HIPAA require enterprises to inform customers if their personal or private information is compromised, and there is no comprehensive federal law protecting privacy in the United States. Such laws have generally fallen to the states.
Some states have responded, with common law providing remedies for intrusions into the private affairs of their citizens and protecting their private facts from public disclosure. Other states continue to be at the forefront of protecting privacy.
California signed SB 1386 into law in 2002, and it became effective on July 1, 2003. SB 1386 protects California citizens' personal information, including social security, driver's license, credit card and financial account numbers. SB 1386 requires any state agency, person, or business with computerized data that includes unencrypted personal data of a California citizen to disclose breaches in security that compromise that information. The law requires the disclosure to be made as speedily as possible, and any company--regardless of location--that does business with California citizens is affected.
Many people will be watching to see if this law will hold up in court and how it will be enforced by the state attorney general. For example, the law is not precise in regard to what security breaches may trigger the notification requirement, and it is also vague as to the time frame to send the notification.
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
