generally accepted — Insights

210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless

Code or Clear? Encryption Requirements (Part 2)

By W. Scott Blackmer on October 01, 2009

In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.

Chicago

Washington D.C.

Los Angeles

Austin