Why not servers too?
________________________________ From: Jonathan Link [mailto:[email protected]] Sent: Friday, March 12, 2010 3:35 PM To: NT System Admin Issues Subject: Re: Massachusetts law about encryption We WDE everything except servers. A desktop is just a portable to a theif, and despite the apparent exception for desktops in the law our firm doesn't want to take the chance of having to litigate a breech involving an unencrypted [desktop] computer. On Fri, Mar 12, 2010 at 3:20 PM, David Mazzaccaro <[email protected]> wrote: As for laptops, I would just assume whole drive encryption and be done w/ it. As for internal desktops... I dunno.. IPSEC?? ________________________________ From: Jonathan Link [mailto:[email protected]] Sent: Friday, March 12, 2010 3:13 PM To: NT System Admin Issues Subject: Re: Massachusetts law about encryption Yes, this has been a major issue for CPA firms dealing with MA clients. On Fri, Mar 12, 2010 at 3:05 PM, David Mazzaccaro <[email protected]> wrote: That's what I interrupt it as. Just had a webinar on this last week. ________________________________ From: David Lum [mailto:[email protected]] Sent: Friday, March 12, 2010 2:59 PM To: NT System Admin Issues Subject: Massachusetts law about encryption Can someone clarify who this applies to? "persons who own or license personal information about a resident of the Commonwealth of Massachusetts" defined as: Owns or licenses, receives, stores, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment. Person, a natural person, corporation, association, partnership or other legal entity, other than an agency, executive office, department, board, commission, bureau, division or authority of the Commonwealth, or any of its branches, or any political subdivision thereof. Because those people, as of two days ago are to perform "Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly" AND "[e]ncryption of all personal information stored on laptops or other portable devices . . http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf?mtcCampaign=-1&m tcEmail=13086283 Does that mean if my company does business with someone in Mass that any personal data of theirs I have needs to be encrypted when transmitted or stored on my systems? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 . . . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
