Welcome to InfoSecCompliance.com

InfoSecCompliance LLC (“ISC”) is a law firm dedicated to providing solutions for privacy and security legal compliance and risk management, including:

  • assisting clients with the development of security and privacy policies and practices that are consistent with regulatory requirements
  • developing contracting procedures and terms that dictate the privacy and security duties between organizations sharing sensitive information or system access
  • analyzing insurance coverage for privacy and security risk and providing guidance on and access to the products that insure against such risk

Latest News from the Blog

Legally Mandated Encryption

Two New State Laws Mandate Encryption of Personal Information

Over the past decade, a multitude of information security and privacy laws have been passed mandating some level of security over sensitive information. In most instances, legislators and regulators have opted for “technology-neutral” laws obligating “appropriate” (e.g. “GLB”), “reasonable” (e.g. Cal AB 1950) or “adequate” (e.g. “SOX”) information security. However, starting with California’s SB1386, many States began bringing encryption into their legal regimes by creating an encryption “safe harbor” for security breach notice laws. Nevada and Massachusetts have now gone further and have passed laws that legally mandate some form of encryption with respect to personal information. This article explores the encryption requirements of the Nevada and Massachusetts laws, and analyzes the factors organizations should consider in complying with such laws.

The New Path to PCI Liability: 3rd Party Beneficiary Theory

Merchants face a potentially huge liability if they suffer a security breach exposing payment card data. Issuing banks (those banks that issue credit cards to consumers) have filed lawsuits to recover reissuance costs allegedly ranging from $20-$50 per card (multiplied by thousands or millions of cards depending on the magnitude of the breach). A [...]
