Home > slashdot > Mass. Data Security Law Says “Thou Shalt Encrypt.”

Mass. Data Security Law Says “Thou Shalt Encrypt.”

April 25th, 2010 04:28 admin Leave a comment Go to comments

emeraldd writes with this snippet from SQL Magazine summarizing what he calls a “rather scary” new data protection law from Massachusetts: “Here are the basics of the new law. If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it’s persisted. Sending PII over HTTP instead of HTTPS? That’s a big no no. Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You’ll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted that’s $5,000,000. Yikes.’”

Source: Mass. Data Security Law Says “Thou Shalt Encrypt.”

Related Articles:

  1. Google To Encrypt Cloud Storage Data By Default
  2. Kickstarter Security Breach Exposes Customer Data
  3. Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data
  4. Calif. Attorney General: We Need To Crack Down On Companies That Don’t Encrypt
  5. NASA To Encrypt All of Its Laptops
blog comments powered by Disqus