Impact of State Privacy Laws on InfoSec
Within California SB1386, one of the greatest concerns for information security and privacy professionals is language that includes liability related to the personally identifiable information of California residents, regardless of where that data is collected and stored.
Tasty Candy Store is a candy manufacturer in Las Vegas, Nevada. It has a special line of high-priced chocolate liqueur truffles that are a popular favorite of visitors to Las Vegas.
Tasty Candy owners saw the potential for expanding their sales by creating a Web site, allowing customers to purchase their favorite sweet treats over the Internet.
Their predictions were accurate, and soon the Tasty Candy Web site was busy processing orders from customers all over the world. Their customer base includes a large number of California residents.
Two years after Tasty Candy set up their Web site, the site fell victim to hackers who gained access to all of the credit card and demographic data for all of Tasty Candy's 12,000 customers.
Use the study materials and any additional research needed to fill in knowledge gaps. Then discuss the following:
What are the mitigating factors that would work to the benefit of Tasty Candy in meeting the requirements of SB1386 that pertain to information breach reporting related to California residents?
What are responsibilities of Tasty Candy in terms of reporting this breach of data specific to California residents?
Are there other state or federal regulations that would impact how and when Tasty Candy reported this data breach to the general public or to specific segments of their customer base?