Privacy and Security Bits and Bytes

Some news items for the last Friday in March -

Another state has joined the Payment Card Industry Data Security Standard ("PCI") bandwagon. On March 22, 2010, Washington state became the third state to incorporate the into law. The Washington House and Senate passed HB 1149 and it has been signed into law by the governor. HB 1149 amends Washington’s breach notice law (and borrows some of its definitions). Similar to Minnesota’s Plastic Card Security Act, HB 1149 provides issuing banks a legal mechanism to collect the costs to reissue payment cards after a payment card security breach. The law is effective July 1, 2010

How often do you change your password? A Symantec report discovers that an astounding 10 percent of us don’t change them AT ALL. Most users don't change password often enough, report says Digital Media - CNET News

Condom Web Site Threatens to Sue Person who Outed Their Leakage - An Indian Web site that sold Durex condoms has threatened legal action against the person who exposed a data breach on the site. Earlier this month, a user of the site noticed that he could view customers' names, addresses, contact numbers and order details, The Register reports.

Following up on a Privacy and Security Bits and Bytes from a couple of weeks ago on the potential privacy implications of copy machines, The Toronto Star has a more in-depth piece on the wealth of information stored on the hard drives of high-end copy machines.