Nexternal Nexus v.3.07  
 
The Nexternal Nexus is a monthly newsletter sent by Nexternal Solutions to people serious about online sales. We hope that this information is useful in improving your online business.
 
 
 
 
  • Security Breach Information Act
  • Avoiding the Junk Mail Folder

    Security Breach Information Act

    In late June, California passed the Security Breach Information Act (S.B. 1386) which went into effect on July 1, 2003.

    According to the language of the bill, dubbed the California Breach Law: "This bill, operative July 1, 2003, would require a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

    Essentially, what it says is that companies that do business in California or that have customers in the state need to notify California consumers in writing whenever their personal information may have been compromised or "acquired by an unauthorized person." Companies that fail to properly safeguard data or to notify consumers of intrusions could face civil lawsuits, Federal Trade Commission fines of up to $25,000 per day, or both, for as long as the security breach and lack of disclosure to affected individuals persist. Courts, in the case of a breach, have the right to put an injunction in place that could bar an offending company from using the Internet, e-mail, and more until the breach is corrected.

    The purpose of the law is to address the growing problem of identity theft by encouraging companies to be more open about security breaches that may have compromised consumer data. Last year, the number of U.S. consumers that complained about some sort of identity theft nearly doubled to 162,000, according to the Federal Trade Commission (FTC). The most common manifestation of the problem was credit-card fraud. Also included were fraudulently obtaining telephone or utility services, jobs, or government benefits using the victim's name.

    Even if you don't do business in California, this is an important issue that should concern you. U.S. Senator Dianne Feinstein (D-Calif.) introduced federal legislation last month modeled on the California law. "I strongly believe individuals have a right to be notified when their most sensitive information is compromised--because it is truly their information," Feinstein said in a statement. "This is both a matter of principle and a practical measure to curb identity theft."

    As a result of this new law, if you don't encrypt data, you open yourself up to lawsuits. The new California law defines personal information as a last name paired with a first name or first initial and one of the following: a social security number, a driver's license or California Identification Card number, or a number from a bank account, credit card or debit card, along with a password or security code that would give access to the account.

    The California law exempts personal information that a company has stored in an encrypted format, and thus encrypting data may be the easiest way to comply, said Nick Akerman, an attorney with New York law firm Dorsey & Whitney. "If someone brought a lawsuit, the company would have to show that they had the data encrypted," he said. "The law doesn't apply to encrypted data. It's basically saying to companies that if you encrypt the data, you don't have to give notice." [1]

    So, if you are an e-commerce merchant, regardless of your geographical location, the best way you can protect yourself is to encrypt your customers' personal data, especially credit card information and passwords. One option is to hire a security firm to encrypt the data for you. Unfortunately, this option still does not relieve you of responsibility, and it comes at considerable cost. Another, more effective solution would be to use an e-commerce solution that provides this service for you as part of its offering.

    [1] Law Aims To Reduce Identity Theft, Robert Lemos, June 30, 2003, found at http://news.com.com/2100-1012_3-1022341.html?tag=fd_lede1_hed

     
     

    Avoiding the Junk Mail Folder

    Many online marketers are feeling increased frustration with the fact that fewer and fewer e-mails are reaching their intended destinations. One of the primary reasons is that more and more people are using SPAM filters to eliminate unsolicited e-mail. Some SPAM filters are automatically installed by the customer's e-mail service provider while others are installed by the end user. Many SPAM filters work well, but they inevitably block some legitimate e-mail. How can these marketers get their legitimate opt-in messages through the filter gauntlet?

    There is no simple answer to this question and SPAM filters seem to continuously tighten their noose. Adding to this frustrating matter is the multitude of SPAM filter developers, each with their own set of filtering criteria. However, by looking at some published rules set forth by SPAM filters, marketers can garner some ideas on how to increase the delivery rate of their e-mails.

    For example, Windows Outlook users can view Outlook's rules by navigating to C:\Program Files\Microsoft Office\Office\Filters.txt on their computers.

    MICROSOFT JUNK E-MAIL FILTER README

    The Junk and Adult Content filters work by looking for specific key words. The following lists the keywords and respective locations that the Windows Outlook filter identifies when deeming whether or not an e-mail is SPAM.

    Junk E-mail Filter:

    From is blank
    Subject contains "advertisement"
    Body contains "money back "
    Body contains "cards accepted"
    Body contains "removal instructions"
    Body contains "extra income"
    Subject contains "!" AND Subject contains "$"
    Subject contains "!" AND Subject contains "free"
    Body contains ",000" AND Body contains "!!" AND Body contains "$"
    Body contains "for free?"
    Body contains "for free!"
    Body contains "Guarantee" AND (Body contains "satisfaction" OR Body contains "absolute")
    Body contains "more info " AND Body contains "visit " AND Body contains "$"
    Body contains "SPECIAL PROMOTION"
    Body contains "one-time mail"
    Subject contains "$$"
    Body contains "$$$"
    Body contains "order today"
    Body contains "order now!"
    Body contains "money-back guarantee"
    Body contains "100% satisfied"
    To contains "friend@"
    To contains "public@"
    To contains "success@"
    From contains "sales@"
    From contains "success."
    From contains "success@"
    From contains "mail@"
    From contains "@public"
    From contains "@savvy"
    From contains "profits@"
    From contains "hello@"
    Body contains " mlm"
    Body contains "@mlm"
    Body contains "///////////////"
    Body contains "check or money order"

    Adult Content Filter:

    Subject contains " xxx"
    Subject contains "over 18"
    Subject contains "over 21"
    Subject contains "adult s"
    Subject contains "adults only"
    Subject contains "be 18"
    Subject contains "18+"
    Body contains "over 18"
    Body contains "over 21"
    Body contains "must be 18"
    Body contains "adults only"
    Body contains "adult web"
    Body contains "must be 21"
    Body contains "adult en"
    Body contains "18+"
    Subject contains "erotic"
    Subject contains "adult en"
    Subject contains " sex"
    Body contains " xxx "
    Body contains " xxx!"
    Subject contains "free" AND Subject contains "adult"
    Subject contains "free" AND Subject contains "sex"

    One of the most interesting rules is "From contains sales@" because so many companies on the internet use a sales e-mail address. Following all of these rules will not guarantee message delivery, since these rules only apply to customers who use the Outlook SPAM filter. Nonetheless, heeding these rules should improve the delivery rate for online marketers.
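
    To see how rules written in this format evaluate against a message, the following added example (not part of Filters.txt or of any Microsoft code) parses a subset of the rule lines above and reports which ones an opt-in draft would trip. Case-insensitive matching, the single-part message and the sample addresses are assumptions.

```python
import re
from email import message_from_string

# A subset of the rules listed above, copied verbatim (one rule per line).
RULES = '''From is blank
Subject contains "advertisement"
Subject contains "!" AND Subject contains "free"
Body contains ",000" AND Body contains "!!" AND Body contains "$"
Body contains "Guarantee" AND (Body contains "satisfaction" OR Body contains "absolute")
Body contains "order today"
From contains "sales@"
Body contains "check or money order"'''.splitlines()

CLAUSE = re.compile(r'(From|To|Subject|Body) contains "([^"]*)"')

def term_hits(term, fields):
    # A term is one clause, or a parenthesised group of clauses joined by OR.
    # Assumption: matching is case-insensitive.
    return any(needle.lower() in fields[name].lower()
               for name, needle in CLAUSE.findall(term))

def rule_hits(rule, fields):
    if rule == "From is blank":
        return not fields["From"].strip()
    # The top level of every listed rule is an AND of terms.
    return all(term_hits(t, fields) for t in rule.split(" AND "))

def lint(raw_message, rules=RULES):
    """Return the rules a draft message would trip, in list order."""
    msg = message_from_string(raw_message)
    fields = {h: msg.get(h, "") for h in ("From", "To", "Subject")}
    fields["Body"] = msg.get_payload()  # assumes a single-part text message
    return [r for r in rules if rule_hits(r, fields)]

# Constructed draft newsletter, not a real message.
DRAFT = """From: Store <sales@shop.example>
To: customer@mail.example
Subject: Free shipping this week!

Order today and get our satisfaction guarantee.
"""

if __name__ == "__main__":
    for rule in lint(DRAFT):
        print("would trip:", rule)
```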

     
     

    To subscribe to this ezine, please click the link below:
    http://www.nexternal.com/nexus/subscribe

    To read previous versions of this ezine, please click the link below:
    http://www.nexternal.com/nexus

    Copyright 2009 Nexternal Solutions, Inc. All rights reserved. No part of this publication may be republished in whole, or in part, without the express written consent of the publisher.

    Nexternal Solutions, Inc.
    785 Grand Ave Ste 216
    Carlsbad, CA 92008
    www.nexternal.com
    West Coast: (800) 914-6161 East Coast: (866) 436-8479
     
     
    If you have any comments regarding this ezine or suggestions for future topics, please send an email to nexus@nexternal.com.

     

