Should be interesting to see how Mass tries to enforce the law against a company in, for instance, China. Or even California for that matter. On Wed, Apr 28, 2010 at 1:45 PM, Daniel Fink <daniel.fink@xxxxxxxxxxxxxx>wrote: > There is a law in Massachusetts (USA) that requires any Personal > Identifying Information about any Massachusetts's resident be encrypted and > sets some pretty hefty penalties for violations. It is important to note > that it is not about businesses in/or doing business in Massachusetts, but > any organization that has a client who resides in Massachusetts. > > > http://www.sqlmag.com/print/sql-server/A-New-Law-that-Will-Change-the-Way-You-Build-Database-Applications.aspx > > > http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=224400426&queryText=massachusetts%20cmr > > Cheers, > Daniel (Not a Massachusetts' resident, but still would like to have his > personal info protected) Fink > > -- > Daniel Fink > > OptimalDBA http://www.optimaldba.com > Oracle Blog http://optimaldba.blogspot.com > > Lost Data? http://www.ora600.be/ > > -- > //www.freelists.org/webpage/oracle-l > > > -- Andrew W. Kerber 'If at first you dont succeed, dont take up skydiving.'