> David Wagner writes:
> SB1386 says that if a company conducts business in California and
> has a system that includes personal information stored in unencrypted form
> and if that company discovers or is notified of a breach of the security
> of that system, then the company must notify any California resident whose
> unencrypted personal information was, or is reasonably believed to have
> been, acquired by an unauthorized person. [*]

> [*] This is pretty close to a direct quote from Section 1798.82(a)
> of California law.  See for yourself:
> http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html

Does that mean that you (the company) are safe if all of the personal
information in the database is simply encrypted with the decryption key
lying right there alongside the data?  A lot of solutions do this; some go
to different lengths in trying to obfuscate the key.


The Cryptography Mailing List