Friday, July 24, 2009

Massachusetts Says Encrypt It All!

Everyone in IT knows that much of the data crossing networks around the world is still unencrypted

Protecting personal data, like backup and disaster recovery, can be hard to get people excited about. Although we see the problem plainly and solutions are widely available, it can be hard to convince business management that technologies like encryption are worth the investment. But new regulations promise to change all that: Massachusetts and Nevada have enacted data protection laws that require encryption of personal information in transit.

It's about time, too. Data losses have been all over the news for a decade, and everyone in IT knows that much of the data crossing networks around the world is still unencrypted. The situation with backup tapes is even worse: the majority of corporations still don't encrypt backup data, and most have poorly controlled procedures for handling tapes. Every day, businesses create backup tapes containing their most critical and personal data and leave them sitting in a box for a stranger to pick up at a loading dock or reception desk.

Nevada's law, NRS 597.970, took effect Oct 1, 2008. It states the encryption requirement quite plainly:

"A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission"

The Massachusetts law, 201 CMR 17.00, takes effect Jan 1, 2010. It's even more restrictive than the Nevada statute, including the following:

Source: cio.utilizer.com
By Stephen Foskett
