I Can Almost See My Data Security from Here
“We’re supposed to meet them in ten minutes,” my wife noted and I nodded, resisting the urge to say, “I can almost see our house from here.” Instead, I studied the cartoonish map more closely, trying to discern the kiddie rides from the larger coasters that defy gravity. The problem was, from a great height and on the map, there was a striking similarity between the various coasters.
I just about had it figured out when a terrific gust of wind tore the map from my hands and took it for a ride over the park. It drifted down past the Tilt-A-Whirl and then floated by the water ride before catching another current and ascending above a water tower. Investigators tell me that the map was last seen making a break for the Atlantic Ocean.
The lost cartoon map came to mind this week when I saw a press release for a “Compliance Heat Map” by Imation Corp. “to depict the strictness of data breach laws and resulting penalties for breaches.” The map uses a vivid color scale ranging from dark red (strictly enforced data breach notification laws) to bright yellow (go ahead and leave your data-bearing laptop in a waiting area at the local airport while you run to the restroom) to emphasize the variety of regulations across the U.S.
It’s a nice idea, but like many tools designed to drive sales, it’s a little difficult to interpret. The varying shades of orange are quite subtle, so it’s a challenge to decipher the light orange of Wyoming from the darker orange of Idaho and the burnt orange of Oregon. Or is Oregon’s shade of orange the same as the red of Indiana and New York? Maybe 3-D glasses would help.
I’m not picking on the map, because it confirms an analysis that current state data breach notification laws are strikingly similar, but vary in compliance requirements for businesses, with all laws highlighting the need for companies to deploy methods for closely storing, protecting and controlling sensitive information, as pointed out in the press release. But I think the compliance map may have been coordinated by the same people who made the runaway mine train on the amusement park map look a lot like the 78-mph wooden coaster that feels like astronaut training.
Also, Puerto Rico looks larger than Alaska on the Imation map and the Virgin Islands resemble a buttery yellow jack-o-lantern grin.
But seriously, I am grateful that such a compliance map exists because it brings to light the importance of knowing and complying with the data breach laws in regions where companies conduct business. The accompanying analysis is right on the money by noting that Virginia has the most strict law in the nation, while Alabama, Kentucky, New Mexico and South Dakota haven’t yet gotten around to passing any data security legislation.
So kudos to the Imation folks for coming up with this idea. And if you’d care to learn more about individual state regulations, I encourage you to reference the Redemtech Regulatory Library that we originally posted in 2007 and have updated every year since.
Pardon me, now. I believe I just saw my amusement park map float by the window.