RE: Data Security Law

        As one of those who does have to comply it's done in a rather invasive way that really does protect the information. All of our laptops are encrypted at boot and you need a smart card and pin to unlock the hard drive. Boot off of a floppy and the hard drive appears to be totally blank as if brand new. Try to boot without the smart card or the wrong pin(you get 3 tries and the pins are a minimum of 6 characters) and the hard drive will be blank IAW DOD requirements. It's not exactly funny, you can't bypass it, but once your through your ok, just a tad slower.

Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International

-----Original Message-----

From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Daniel Fink Sent: Wednesday, April 28, 2010 2:46 PM
To: oracle-l
Subject: Data Security Law

There is a law in Massachusetts (USA) that requires any Personal Identifying Information about any Massachusetts's resident be encrypted and sets some pretty hefty penalties for violations. It is important to note that it is not about businesses in/or doing business in Massachusetts, but any organization that has a client who resides in Massachusetts.

http://www.sqlmag.com/print/sql-server/A-New-Law-that-Will-Change-the-Wa y-You-Build-Database-Applications.aspx

http://www.informationweek.com/news/security/government/showArticle.jhtm l?articleID=224400426&queryText=massachusetts%20cmr

Cheers,
Daniel (Not a Massachusetts' resident, but still would like to have his personal info protected) Fink

--

Daniel Fink

OptimalDBA http://www.optimaldba.com
Oracle Blog http://optimaldba.blogspot.com

Lost Data? http://www.ora600.be/

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Wed Apr 28 2010 - 14:38:05 CDT