Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses

信息安全培训考题
Mark L. Krotoski and W. Scott Tester of Morgan Lewis remind entities that duty to notify of a breach depends on state definitions of personal information, and more states are now including usernames or email addresses as personal information:

Illinois, Nebraska, and Nevada are the latest to add usernames or email addresses to the definition of PI when they are combined with information that would permit access to an online account. The Illinois law took effect on January 1, 2017, while the respective laws in Nebraska and Nevada took effect in 2016.
Three other states (California, Florida, and Wyoming) had previously enacted laws mandating that either a username or email address constitutes PI when combined with a password or security question and answer that would permit access to an online account.
Read more on Lexology
应对社交网络如微博可能对公司带来的安全问题,我们信息安全办公室制定和发布了社交网络使用策略和指南,并对员工进行了信息安全培训和保密意识教育,防止在社交网络泄露与公司、与工作相关的目标、战略、计划、项目等等。
离职员工是信息安全的一大安全威胁,所以必须加强同离职员工签定保密协定,特别针对跳槽到同行业竞争对手的员工。

猜您喜欢

人性的弱点:2017年五大信息安全意识最佳实践
请小心参加社交媒体调查
网络安全公益短片小心披露您的地理位置信息
深圳现共享电单车 交警:上路就罚
CHURCHTECHTODAY MHN
信息安全成了各大公司进行全员培训的热点课程