There is a law in Massachusetts (USA) that requires any Personal Identifying Information about any Massachusetts's resident be encrypted and sets some pretty hefty penalties for violations. It is important to note that it is not about businesses in/or doing business in Massachusetts, but any organization that has a client who resides in Massachusetts.
http://www.sqlmag.com/print/sql-server/A-New-Law-that-Will-Change-the-Way-You-Build-Database-Applications.aspx http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=224400426&queryText=massachusetts%20cmr Cheers,Daniel (Not a Massachusetts' resident, but still would like to have his personal info protected) Fink
-- Daniel Fink OptimalDBA http://www.optimaldba.com Oracle Blog http://optimaldba.blogspot.com Lost Data? http://www.ora600.be/ -- //www.freelists.org/webpage/oracle-l