[Hidden-tech] New Massachusetts Encryption Law

Mark Firehammer mark at adeptco.net
Thu Feb 26 12:45:31 EST 2009


I use Retrospect. They have a number of products that encrypt backups, Mac
or PC.

"Highest level, government standard security for backup media
Retrospect can use 128- or 256-bit AES encryption, in addition to
SimpleCrypt and DES encryption to ensure the security of your data."
 
http://www.retrospect.com/products/software/retroforwin/ 


Adeptco has become:

Mark Firehammer
413 303 0315
SkypeID:  Compatikey
Website: http://techeffective.net

-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of David
Korpiewski
Sent: Thursday, February 26, 2009 11:16 AM
To: hidden-discuss at lists.hidden-tech.net
Subject: [Hidden-tech] New Massachusetts Encryption Law



I was just notified about a new Massachusetts data encryption law that 
is going into effect May 1, 2009.   It is pretty harsh and requires all 
data with personal information to be encrypted, even on backup tapes. 
I'm trying to find a software solution that will use software encryption
when backing up to a tape library one of the companies I work for 
already owns.   Does anyone know of any backup software that supports 
software encryption when dumping data to tape?

Also, I have SQL servers and Access databases with personal data (that I 
did not create, but maintain).   Does anyone know how to encrypt this data?

Thanks
David

Massachusetts encryption law even stricter than Nevada's

Written by Dan Blacharski on October 24, 2008

I recently wrote about Arizona's new law concerning encryption of personal
data. Several states are enacting similar legislation, and encrypting such
data is becoming a de facto national policy. Most recently, Massachusetts
issued new regulations on the same subject last month, and that state's laws
will take effect on January 1, 2009.

The Massachusetts legislation, known as the Standards for the Protection of
Personal Information of Residents of the Commonwealth, is very far-reaching
and considered the strictest regulations to date. The new law adds to
Massachusetts' already stringent security regulations, by requiring all
portable personal data about any Massachusetts resident to be encrypted.
This applies to data transmitted over public networks, or that is stored on
a laptop, or on any type of removable memory device. 
The law requires other mandatory security procedures, including updated user
authentication and authorization.

There is a technical difference between Nevada's and Massachusetts' 
statute in how encryption is defined. For the Nevada law, "encryption" 
is defined as the use of a protective or disruptive measure, including
cryptography, enciphering, encoding, or a computer contaminant, to render
data unintelligible. The Massachusetts statute is more specific, stating
that "encryption" is an algorithmic process that requires a confidential
process or key to decode. Some have argued that since the Nevada law does
not use the word "algorithmic," then password-protection is adequate to
adhere to the letter of the law.

Also, the laws differ in scope. Nevada's law focuses on the electronic
transmission of data, while Massachusetts also includes portability. 
Accordingly, if you have data on a resident of Massachusetts on your hard
drive, even if you do not send it via email or over the Internet, you still
must encrypt that data.





And the update:



Press Release

http://www.mass.gov/?pageID=ocapressrelease&L=1&L0=Home&sid=Eoca&b=pressrelease&f=081114_IDTheftupdate&csid=Eoca


http://www.lawlib.state.ma.us/2008/11/identity-theft-regulation.html 

Monday, November 17, 2008
Identity Theft Regulation Implementation Delayed

The Office of Consumer Affairs and Business Regulation announced Friday that
the effective date of 201 CMR 17 would be delayed. The implementation of
the regulations designed to protect individuals' privacy was delayed
"to provide flexibility to businesses that may be
experiencing financial challenges brought on by national and international
economic conditions."



New deadlines:

     * "The general compliance deadline for 201 CMR 17.00 has been extended
from January 1, 2009 to May 1, 2009.
     * The deadline for ensuring that third-party service providers are
capable of protecting personal information and contractually binding them to
do so will be extended from January 1, 2009 to May 1, 2009, and the deadline
for requiring written certification from third-party providers will be
further extended to January 1, 2010.
     * The deadline for ensuring encryption of laptops will be extended from
January 1, 2009 to May 1, 2009, and the deadline for ensuring encryption of
other portable devices will be further extended to January 1, 2010."






--
===========================================
David Korpiewski
Software Specialist I
CSCF - Computer Science Computing Facility Department of Computer Science
Phone: 413-545-4319
Fax:   413-577-2285
===========================================