We WDE everything except servers. A desktop is just a portable to a theif, and despite the apparent exception for desktops in the law our firm doesn't want to take the chance of having to litigate a breech involving an unencrypted [desktop] computer.
On Fri, Mar 12, 2010 at 3:20 PM, David Mazzaccaro < [email protected]> wrote: > As for laptops, I would just assume whole drive encryption and be done w/ > it. > As for internal desktops... I dunno.. IPSEC?? > > > ------------------------------ > *From:* Jonathan Link [mailto:[email protected]] > *Sent:* Friday, March 12, 2010 3:13 PM > > *To:* NT System Admin Issues > *Subject:* Re: Massachusetts law about encryption > > Yes, this has been a major issue for CPA firms dealing with MA clients. > > > > On Fri, Mar 12, 2010 at 3:05 PM, David Mazzaccaro < > [email protected]> wrote: > >> That's what I interrupt it as. >> Just had a webinar on this last week. >> >> >> ------------------------------ >> *From:* David Lum [mailto:[email protected]] >> *Sent:* Friday, March 12, 2010 2:59 PM >> *To:* NT System Admin Issues >> *Subject:* Massachusetts law about encryption >> >> Can someone clarify who this applies to? >> >> “persons who own or license personal information about a resident of the >> Commonwealth of Massachusetts” defined as: >> >> >> >> *Owns or licenses, *receives, stores, maintains, processes, or otherwise >> has access to personal information in connection with the provision of goods >> or services or in connection with employment. >> >> ** >> >> *Person*, a natural person, corporation, association, partnership or >> other legal entity, other than an agency, executive office, department, >> board, commission, bureau, division or authority of the Commonwealth, or any >> of its branches, or any political subdivision thereof. >> >> >> >> Because those people, as of two days ago are to perform “Encryption of all >> transmitted records and files containing personal information that will >> travel across public networks, and encryption of all data containing >> personal information to be transmitted wirelessly" AND "[e]ncryption of all >> personal information stored on laptops or other portable devices . . >> >> >> >> >> http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf?mtcCampaign=-1&mtcEmail=13086283 >> >> >> >> Does that mean if my company does business with someone in Mass that any >> personal data of theirs I have needs to be encrypted when transmitted or >> stored on my systems? >> >> *David Lum** **// *SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 971.222.1025 >> *// *(Cell) 503.267.9764 >> >> >> >> >> >> >> >> >> . >> >> >> >> >> >> > > > > > > . > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
