informa
/
Risk
News

Cyber Law Cuts Two Ways

Regional laws - such as Minnesota's credit card data legislation - create both benefits and hardships

4:24 PM -- One of the beauties of the Internet is the fact that it lowers boundaries. It makes us all one group of people, without borders. However, regional laws are becoming a growing issue for companies that want to sell across the Web, because such laws often cut both ways.

One of the best examples of this double-edged sword occurred recently, when the president of eBay India was arrested for child pornography. At first glance, it appeared that the Indian government was doing the right thing.

In fact, however, the eBay executive's actions were intended to help the Indian government locate two teenagers who were selling homemade sex tapes online. But instead of acknowledging his cooperation, the Indian government followed the letter of the law and put the executive in jail. In the end, the law helped protect children -- but an innocent man may have been hurt in the process.

In the world of security, we've seen other examples of regional law's double-edged sword. California's SB 1386, for instance, requires any enterprise that does business in the state to disclose any suspected breach that might expose users' personally identifiable information.

SB 1386 had a huge impact on the rest of the country -- and most people would agree that the impact was for the better, because the law helps protect their information. But the law also has been a hardship on companies that now have to disclose every lost laptop or backup tape and suffer the effects of customer backlash and harsh publicity.

Most recently, Minnesota passed an interesting state law that says Websites are no longer allowed to retain credit card numbers after the transaction has been completed. This makes for an interesting problem for companies that do recurring billing. But it also adds hardship to companies that would otherwise keep data in their logs indefinitely.

Keep credit card data no longer, says Minnesota! Local laws may be the greatest inertial force in data security progress -- even if they do sometimes cut the companies that drive the Internet.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5