RE: Data Security Law

Daniel,

        As one of those who does have to comply it's done in a rather
invasive way that really does protect the information.  All of our
laptops are encrypted at boot and you need a smart card and pin to
unlock the hard drive.  Boot off of a floppy and the hard drive appears
to be totally blank as if brand new.  Try to boot without the smart card
or the wrong pin(you get 3 tries and the pins are a minimum of 6
characters) and the hard drive will be blank IAW DOD requirements.  It's
not exactly funny, you can't bypass it, but once your through your ok,
just a tad slower.


Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel Fink
Sent: Wednesday, April 28, 2010 2:46 PM
To: oracle-l
Subject: Data Security Law

There is a law in Massachusetts (USA) that requires any Personal 
Identifying Information about any Massachusetts's resident be encrypted 
and sets some pretty hefty penalties for violations. It is important to 
note that it is not about businesses in/or doing business in 
Massachusetts, but any organization that has a client who resides in 
Massachusetts.

http://www.sqlmag.com/print/sql-server/A-New-Law-that-Will-Change-the-Wa
y-You-Build-Database-Applications.aspx

http://www.informationweek.com/news/security/government/showArticle.jhtm
l?articleID=224400426&queryText=massachusetts%20cmr

Cheers,
Daniel (Not a Massachusetts' resident, but still would like to have his 
personal info protected) Fink

-- 
Daniel Fink

OptimalDBA    http://www.optimaldba.com
Oracle Blog   http://optimaldba.blogspot.com

Lost Data?    http://www.ora600.be/

--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l


Other related posts: