We've had to do data encryption for banking and health care. Here are a couple of lessons learned:

1) live two way encryption is a lot different than just encrypting backed up data
2) the cost of application security is more exponential than linear
3) encryption and decryption can impose a large performance penalty on your application.
5) how good is good enough? the stronger the encryption, the more horsepower you need
6) data encryption is only 1 piece of your application security. locking the doors is silly if you leave all the windows open or leave the keys under the door mat. do a system wide security evaluation
7) what are the industry standards? PCI for credit cards -- https://www.pcisecuritystandards.org/, HIPAA, etc ...
8) harden your servers

hope this helps,
Graham

--
Graham Clarke
53 Technology + www.53tech.com + grahamc at 53tech.com + 603-643-9955

aevans1958 at aol.com wrote:
> ** Be sure to fill out the survey/skills inventory in the member's area.
> ** If you did, we all thank you.
>
> ------------------------------------------------------------------------
>
> I consult for the Massachusetts State Racing Commission and was
> recently asked to revise programs written in Visual Basic which store
> data in Access to encrypt private data.
> This request was in direct response to the new encryption law. I will
> be looking into how best to do this, and would welcome thoughts/suggestions.
>
> - Arthur Evans
>
>
> -----Original Message-----
> From: Roger Williams <roger at qux.com>
> To: David Korpiewski <davidk at cs.umass.edu>
> Cc: hidden-discuss at lists.hidden-tech.net
> Sent: Thu, 26 Feb 2009 12:17 pm
> Subject: Re: [Hidden-tech] New Massachusetts Encryption Law
>
> >>>>> David Korpiewski <davidk at cs.umass.edu> writes:
>
> > I was just notified about a new Massachusetts data encryption law that is
> > going into effect May 1, 2009. It is pretty harsh and requires all data
> > with personal information to be encrypted, even on backup tapes.
>
> IMHO, 201 CMR 17.00 is long overdue.
>
> Fortunately for folks responsible for implementing it, on 2/12 the Mass Office
> of Consumer Affairs and Business Regulation issued a few amendments -- and
> another extension.
>
> Under the extension, the rules will now take effect 1 January 2010.
>
> (The amendments make the standard for third party vendor relationships more
> reasonable, and -- for some unknown reason -- omit the requirement for
> encryption to personal data transmitted over public networks or wireless
> communications.)
>
> --
> Roger Williams <roger at qux.com>
> Chief Technical Officer, Qux Corporation
> 433 West Street, Suite 8, Amherst, MA 01002, USA
> Tel +1 413 253-6400 * Fax +1 508 302-0230 * GSM +1 508 287-1420
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members