Perhaps they are just
fear-mongering in those articles.
I just noticed that in the discussions
area of the information week article it was mentioned that the definition of ‘personally
identifiable information’ in the Massachusetts law was a person’s
name in addition to other private information (such as social security number,
drivers license number, credit card number, etc). The law is posted
at http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf.
I checked out the information in
the pdf file, and ‘private information’ is defined as follows:
Personal information, a Massachusetts resident's first name and last name
or first initial and last name in combination with any one or more of the
following data elements that relate to such resident: (a) Social Security
number; (b) driver's license number or state-issued identification card number;
or (c) financial account number, or credit or debit card number, with or
without any required security code, access code, personal identification number
or password, that would permit access to a resident’s financial account;
provided, however, that “Personal information” shall not include
information that is lawfully obtained from publicly available information, or
from federal, state or local government records lawfully made available to the
general public.
From: Ryan Simmons
[mailto:[log in to unmask]]
Sent: Thursday, April 29, 2010 12:38 PM
To: [log in to unmask]
Subject: [MSUNAG] Data Protection Laws requiring name encryption
The following article was brought to my attention yesterday:
It references the following article:
These articles describe a new data protection law for the
state of Massachusetts
– any “personally identifiable information” (such as first
and last name) for any resident of the state of Massachusetts must be encrypted
in your database and “over the wire”. Fines may be levied in
the order of $5000 per instance. Organizations based outside the state of
Massachusetts (having information about residents of the state of Massachusetts
in their databases) are affected as well.
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5072 (20100429) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5072 (20100429) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com