Cyber Law Cuts Two Ways

Regional laws - such as Minnesota's credit card data legislation - create both benefits and hardships

Dark Reading Staff, Dark Reading

September 20, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

4:24 PM -- One of the beauties of the Internet is the fact that it lowers boundaries. It makes us all one group of people, without borders. However, regional laws are becoming a growing issue for companies that want to sell across the Web, because such laws often cut both ways.

One of the best examples of this double-edged sword occurred recently, when the president of eBay India was arrested for child pornography. At first glance, it appeared that the Indian government was doing the right thing.

In fact, however, the eBay executive's actions were intended to help the Indian government locate two teenagers who were selling homemade sex tapes online. But instead of acknowledging his cooperation, the Indian government followed the letter of the law and put the executive in jail. In the end, the law helped protect children -- but an innocent man may have been hurt in the process.

In the world of security, we've seen other examples of regional law's double-edged sword. California's SB 1386, for instance, requires any enterprise that does business in the state to disclose any suspected breach that might expose users' personally identifiable information.

SB 1386 had a huge impact on the rest of the country -- and most people would agree that the impact was for the better, because the law helps protect their information. But the law also has been a hardship on companies that now have to disclose every lost laptop or backup tape and suffer the effects of customer backlash and harsh publicity.

Most recently, Minnesota passed an interesting state law that says Websites are no longer allowed to retain credit card numbers after the transaction has been completed. This makes for an interesting problem for companies that do recurring billing. But it also adds hardship to companies that would otherwise keep data in their logs indefinitely.

Keep credit card data no longer, says Minnesota! Local laws may be the greatest inertial force in data security progress -- even if they do sometimes cut the companies that drive the Internet.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

Read more about:

2007

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Concept art, computer code and camera lenses in glowing light green arcs on black background
Application Security
Keep Tier-One Applications Out of Virtual EnvironmentsKeep Tier-One Applications Out of Virtual Environments
byMorey Haber
Sep 25, 2024
5 Min Read
CrowdStrike logo on smatphone screen
Cyberattacks & Data Breaches
CrowdStrike Offers Mea Culpa to House CommitteeCrowdStrike Offers Mea Culpa to House Committee
byJai Vijayan, Contributing Writer
Sep 25, 2024
4 Min Read
Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen-Test Arrests, 5 Years LaterDark Reading Confidential: Pen-Test Arrests, 5 Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events