[Hidden-tech] New Massachusetts Encryption Law

Charles Uchu Strader uchu.1 at gaiahost.coop
Mon Mar 2 14:41:56 EST 2009


My two cents:

1) The definition of "personal data" in the statute is different than
"personal information". Both definitions are referenced in this new law.
See copy of the "personal data" definition below, it is more
wide-ranging that "personal information".

2) Encryption of entire sessions after logging into any internet service
is becoming the norm. This means SSL will become more ubiquitous as
there are numerous ways that non-SSL sessions can be faked and
identities stolen as a result.

3) Small offices should always be concerned of data that is "only in the
office". Software bugs, security holes, viruses, etc can always create
potential holes in "non-networked" data... and physical security against
physical break-in is also important.


----

As defined in Massachusetts General Laws Chapter 66A

...

“Personal data”, any information concerning an individual which, because
of name, identifying number, mark or description can be readily
associated with a particular individual; provided, however, that such
information is not contained in a public record, as defined in clause
Twenty-sixth of section seven of chapter four and shall not include
intelligence information, evaluative information or criminal offender
record information as defined in section one hundred and sixty-seven of
chapter six."

----

Charles Uchu Strader
charles at gaiahost.coop 1-800-672-8060 x803
-----------------------------------------------------
GAIA Host Collective, LLC http://www.gaiahost.coop
-----------------------------------------------------

"Internet hosting from an environmentally and
socially concerned worker-owned cooperative"
-----------------------------------------------------








Google

More information about the Hidden-discuss mailing list