North Beach in Winter

Genny Lim has a unique way of describing life in the North Beach neighborhood of San Francisco. “Winter Place” has a kind of gritty-flashy feel to it, but I especially like the imagery at the end of her poem:

    It ain’t so bad
    the Coolies reasoned
    as they jumped ship only to
    sweat in baskets
    with pickaxes and dynamite
    twenty thousand feet in the Sierras
    like wet human laundry

Real Cheese

It was only a matter of time before I created a food category. A small block of Taleggio cheese finally pushed me to document a few fun food facts:

First of all, who knew that a cheese might have a union? After tasting a fine slice of Taleggio this evening I found a site called the Consorzio per la Tutela del Taleggio, which provides English information under the title “The Union of Teleggio Cheese”. According to the Union:

“The Taleggio cheese is, therefore, one of the Italian cheeses whose peculiar characteristics are protected by the European Union, and it is for that reason that the supply of milk, its production and its seasoning must be carried out in the area indicated by Italian and Community legislation.”

Second, the Taleggio moniker apparently requires a certain degree of enforcement. Perhaps if you eat enough of the stuff you develop a taste for the genuine article, the way one learns to tell bourbon from rye whiskey, or merlot from pinot. It thus stands to reason that if a Taleggio does not comply with the Union’s cheese regulations it will not get the required stamp of approval:

“Since 1981 the Union has been charged with vigilance over the production and commerce of Taleggio cheese; the Union marks each cheese conforming to the requisites specified in the production regulations.”

Sadly, I must confess that I was uninformed as a consumer about how to validate the authenticity of my cheese until after I had eaten it. Next time I will definitely check to see whether I am about to purchase contraband Taleggio, or at least cheese with a forged seal of authenticity.

Real Taleggio

Warning: This entry was written while under the influence of Taleggio

US Senate to consider Data-Breach Bill

Just before the 2005 Thanksgiving holiday the Senate Judiciary Panel approved a Personal Data Privacy and Security Act, authored by Specter and Leahy. The soon-to-be-called “Specter-Leahy Act”, also known as the SLA, has some exceptionally vague language even compared to laws (already in effect) at the state level:

  • Giving individuals access to, and the opportunity to correct, any personal information held by data brokers;
  • Requiring entities that maintain personal data to establish internal policies that protect such data and vet third-parties they hire to process that data;
  • Requiring entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data.

In my experience the use of the word “reasonable” in California’s AB1950 law has been remarkably useful in discussions about how to comply. Unfortunately, I do not see anything comparable here that would help clarify when law enforcement should be contacted or how to measure the internal policies for effectiveness (it is easier to draw a line for “reasonable encryption”, for example, than for “protective policies”). Enforcement, on the other hand, seems to be very precise:

  • Section 103 makes it a crime for a person who knows of a security breach requiring notice to individuals under Title IV of this Act to intentionally and willfully conceal the fact of, or information related to, that security breach. Punishment is either a fine under Title 18, or imprisonment of up to 5 years, or both.
  • Any person who, during and in relation to a felony violation of the computer fraud law, knowingly obtains, accesses or transmits a means of identification of another person without lawful authority, may be imprisoned for up to 2 years in addition to the punishment provided for such felony.

Rumor had it that a Representative from Oklahoma was lobbying to delay consideration of the bill by talking turkey, which caused some to suggest that Cole might stop the SLA from being passed. Ha, just kidding.

Visa provides free PCI scanning service

After months of negotiating contracts and fees in the US for Visa PCI compliance assessments, I just ran into this odd bit of news from Canada that Visa has offered to provide free scans indefinitely. Does this mean there is no need for a certified PCI assessor if you are a Tier 2 merchant or smaller?

    According to Visa, the free service, which uses a U.S. vendor but is available across the Asia-Pacific, will be provided “indefinitely” at this point to all merchants that accept Visa cards for payment of goods and services.

    Lodens [Visa’s head of third-party assurance] said Visa’s main message, that merchants and third-party processors should not be storing card information, remains unchanged.

    “If there is a need for that, then [merchants] need to protect the information,” he said, adding that card-holder data should not be stored. “Where we see incidents of compromise is because merchants are unnecessarily storing information.”

Yes, please do encrypt if you must store the data. And please do protect the keys if you must encrypt… but free security scans from the Payment Card Industry? More research required.
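Visa’s message above, “don’t store it, and if you must, protect it”, is easier to apply with something concrete in front of you. The following is an added example of my own, not code from Visa or from the article quoted: a merchant-side record that keeps only the last four digits plus an HMAC-SHA256 token of the card number (a stable lookup handle that is useless without the key), and encrypts the full PAN with AES-GCM only when retention is genuinely required. The two keys are assumed to come from a key store outside the card database (an HSM or KMS); holding them in memory, and the Visa test number 4111 1111 1111 1111, are assumptions for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// StoredCard is the record a merchant database keeps. The PAN itself never
// appears in it; Ciphertext is set only when full retention was required.
type StoredCard struct {
	Last4      string // enough for receipts and customer display
	Token      string // HMAC-SHA256 of the PAN: lookup handle, useless without the key
	Ciphertext []byte // AES-GCM nonce || ciphertext of the PAN, or nil
}

// Vault holds the two keys. In a real deployment they live in an HSM or KMS,
// never beside the card table; keeping them in memory is an assumption here.
type Vault struct {
	hmacKey []byte
	aead    cipher.AEAD
}

func NewVault(hmacKey, aesKey []byte) (*Vault, error) {
	block, err := aes.NewCipher(aesKey) // 16, 24 or 32 byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{hmacKey: hmacKey, aead: aead}, nil
}

// luhnValid reports whether a digit string passes the Luhn check digit test.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			if d *= 2; d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// normalizePAN strips spaces and dashes and rejects anything that is not a
// plausible card number, so garbage never reaches the token or the cipher.
func normalizePAN(pan string) (string, error) {
	digits := strings.NewReplacer(" ", "", "-", "").Replace(pan)
	if len(digits) < 13 || len(digits) > 19 {
		return "", errors.New("PAN length out of range")
	}
	for _, c := range digits {
		if c < '0' || c > '9' {
			return "", errors.New("PAN contains non-digits")
		}
	}
	if !luhnValid(digits) {
		return "", errors.New("PAN fails Luhn check")
	}
	return digits, nil
}

// Protect turns a PAN into a storable record. retainFull is false for the
// common case where the merchant has no use for the number after authorization.
func (v *Vault) Protect(pan string, retainFull bool) (StoredCard, error) {
	digits, err := normalizePAN(pan)
	if err != nil {
		return StoredCard{}, err
	}
	mac := hmac.New(sha256.New, v.hmacKey)
	mac.Write([]byte(digits))
	card := StoredCard{Last4: digits[len(digits)-4:], Token: hex.EncodeToString(mac.Sum(nil))}
	if retainFull {
		nonce := make([]byte, v.aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return StoredCard{}, err
		}
		// The token is bound in as associated data, so a ciphertext cannot be
		// moved to another customer's row without failing authentication.
		card.Ciphertext = v.aead.Seal(nonce, nonce, []byte(digits), []byte(card.Token))
	}
	return card, nil
}

// Reveal decrypts a retained PAN; it fails if the record was never retained
// or has been tampered with.
func (v *Vault) Reveal(card StoredCard) (string, error) {
	ns := v.aead.NonceSize()
	if len(card.Ciphertext) < ns+v.aead.Overhead() {
		return "", errors.New("no retained PAN in this record")
	}
	pt, err := v.aead.Open(nil, card.Ciphertext[:ns], card.Ciphertext[ns:], []byte(card.Token))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	hmacKey, aesKey := make([]byte, 32), make([]byte, 32)
	rand.Read(hmacKey)
	rand.Read(aesKey)
	v, _ := NewVault(hmacKey, aesKey)
	card, err := v.Protect("4111 1111 1111 1111", false) // standard test number, not a real card
	fmt.Printf("%+v %v\n", card, err)
}
```

The design choice worth noting is the default: `Protect(pan, false)` leaves nothing decryptable in the record at all, which is the state Visa says it wants merchants in. Only the path that really needs the number later pays for key management, and even then a compromised database without the vault keys yields last-four digits and opaque tokens.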