Calif. Attorney General: We Need To Crack Down On Companies That Don't Encrypt 127
tsamsoniw writes "California Attorney Kamala Harris says her office will start cracking down on companies in the Golden State that don't encrypt customer data and fall victim to data breaches; she's also calling on the state to pass a law requiring companies to use encryption. That's just one of the recommendations in the state's newly released data breach report, which says 131 companies in California suffered data breaches in 2012, affecting 2.5 million residents."
Encrypt everything (Score:3, Interesting)
Don't just encrypt private details.
Get rid of users private data, so there is nothing to steal in the first place.
Use eccentric authentication*. Replaces passwords with anonymous client certificates.
Check my: http://eccentric-authentication.org/ [eccentric-...cation.org]
Attorney Generals are good things (Score:4, Interesting)
I've dealt with cleaning up some nasty data breaches over the years, I've had conversations with Attorney Generals when the breaches were bad enough. Companies fear Attorney Generals about as much as they fear being on the wrong end of the international news.
I've been involved with companies where data breaches happen where Attorney Generals while and while not get involved. The difference is night and day for things like encryption, notification of consumers, risk mitigation and other such steps. Pause and think about it for a moment, do you really think California is breached that much more often than other locations, or do people simply find out because the companies fear being on the wrong end of the Attorney Generals pointy stick?
Attorney Generals that give a damn are good things, they give the security professionals at the companies in their states the leverage they need to actually do the things that they want to do (encryption etc).