FAQ

Is encryption required for compliance with current privacy and security laws?

I'll give you the customary analyst/lawyer answer, it depends. Some of the regulations, like HIPAA and Graham Leach Bliley, require you to perform a risk analysis on your environment. So, you may or may not

Requires Free Membership to View

conclude that encryption is necessary based on your findings.

Some of the state breach notification laws, like California's SB 1386, say that unencrypted personal information falls within the scope of notification. So, if a breach occurs, or is suspected to have occurred, and everything is encrypted, you may not have to report the incident to the information owners. But, if it's unencrypted, that's when you'll have to worry about it. It varies from state to state, so you've definitely got to do some research in this area. Even with SOX, it could be argued that financial controls may include storage encryption.

So, it all depends on the particular scenario, the size of the organization, whether or not you are a credit card merchant for PCI, etc. There needs to be someone in every organization that can look at these laws and say what's what and put you on the right track.

Check out the entire Storage Encryption FAQ guide.


This was first published in October 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: