On Fri, Mar 12, 2010 at 11:59, David Lum <[email protected]> wrote: > Can someone clarify who this applies to? > > “persons who own or license personal information about a resident of the > Commonwealth of Massachusetts” defined as: > > Owns or licenses, receives, stores, maintains, processes, or otherwise has > access to personal information in connection with the provision of goods or > services or in connection with employment. > > Person, a natural person, corporation, association, partnership or other > legal entity, other than an agency, executive office, department, board, > commission, bureau, division or authority of the Commonwealth, or any of its > branches, or any political subdivision thereof. > > Because those people, as of two days ago are to perform “Encryption of all > transmitted records and files containing personal information that will > travel across public networks, and encryption of all data containing > personal information to be transmitted wirelessly" AND "[e]ncryption of all > personal information stored on laptops or other portable devices . . > > http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf?mtcCampaign=-1&mtcEmail=13086283 > > Does that mean if my company does business with someone in Mass that any > personal data of theirs I have needs to be encrypted when transmitted or > stored on my systems?
That's the way it reads to me. But IANAL, and I'd recommend bringing this up with your company's counsel. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
