During the first Laptop Safety Seminar we gave in Indianapolis on April 23, I was surprised at how many questions we got from the audience about basic wireless laptop security. Of course, when my co-presenter Kim Brand of sponsor FileEngine demonstrated how easy it is to hack a Windows computer over the type of Wi-Fi service provided by coffee houses and hotels, the questions started coming even faster.
But we'll address that next week, because the timely news is the changes in data breach laws coming in states all over the country. Since about half of all data breaches start with a lost or otherwise insecure laptop, let me quote Kevin Erdman of Baker & Daniels, the host of the event (and the second-largest law firm in Indiana).
“The Indiana statute amendment eliminating the laptop password exception to the data breach law liabilities goes into effect July first,” said Erdman. Believe it or not, many of the early laws drafted by states include essentially a waiver for those laptops protected by the Windows startup password. How in the world legislators talked to security experts about data breaches yet didn't learn that the Windows sign-on password is as protective as a bank vault with a screen door, I have no idea.
Good news? Using a Windows “password” no longer counts as a security measure that shows you tried to actually be secure. OK, it works until July first, but after that the bizarre loophole is fixed. Erdman didn't say how many other states have a similar loophole, but since most states base their laws on existing laws in other states, I bet quite a few have this gift to hackers in place.
And why are states passing these laws? Because there is no general federal statute in place. Erdman said, “there will probably be one before long, but not right now.”
The lack of federal guidelines makes for some messy cleanup after a breach. Currently, when a company loses a customer's information, it must follow the notification process set by the laws of the state where the customer resides. That means a t-shirt shop in Alaska must figure out the rules for Arkansas if a resident ordered an “I heart Anchorage” t-shirt online. So the t-shirt shop may be up to its knees in legal fees just finding out what it has to do in various states after a data breach, before it starts paying to actually fix the problem.