In my last blog post, I pointed out the new laws in Massachusetts and Nevada that require all personal data in transit to be encrypted. That post generated lots of discussion, including thoughtful responses from Steve Duplessie and Joseph Martins, and I urge you to read those as well.
Two key questions remain: What exactly do these laws demand and how will you actually comply with them? Sure, encryption technology is widely available, but actually implementing it has been a slow uphill climb for most IT organizations. Let's examine the implications!
What the Law Requires
In my years of IT consulting, and especially over the last two, where I focused on litigation readiness, I've come to see that laws are rarely as cut and dried and actionable as IT would like. As pointed out by Martins, the Nevada statute is particularly vague. But even the much more lengthy Massachusetts law does not answer the key IT implementation questions. Time will tell how these requirements are interpreted and implemented by the Attourneys General and courts of these two states. Until then, we will have to make some educated guesses based on both the letter and intent of the lawmakers.
Let's examine some of the questions these laws raise:
To Continue Reading: Click Here
---------------------------------------------------
Source: dotnet.sys-con.com
By Stephen Foskett
Subscribe to:
Post Comments (Atom)
1 comments:
Excessive regulation like this serves no one's interest. --Ben
Post a Comment