A New Law Could Change the Way You Build Database Applications

Apr 26, 2010, 13:32 (4 Talkback[s])
(Other stories by Brian Moran)

"Massachusetts recently passed a sweeping new data security law that will have a profound impact on the way the United States, and perhaps the rest of the world, manages and develops data-centric applications. Oddly, most people in the business don't seem to know about it.

"Google "Massachusetts data security law, 201 CMR 17.00" and you'll find plenty of facts about the new law. I also encourage you to read InformationWeek's "States' Rights Come to Security Forefront: Massachusetts' new data protection law reaches beyond its borders. Are you ready?" It's one of the best summaries I've seen. But even it falls short of helping you understand the profound impact of this law.

"Here are the basics of the new law. If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it's persisted."

Why would anyone need MS SQL Server to encrypt network transactions and databases? --ed

Complete Story

Related Stories:

• Endpoint Security: How to Protect Data on a Laptop(Apr 14, 2010)
• Break TrueCrypt Dard Drive Encryption Quickly(Mar 30, 2010)
• The Spy in the Middle: Are SSL certificates even more broken than we thought?(Mar 25, 2010)
• How and why your full disk encryption isn't as secure as you think(Mar 23, 2010)
• Ubuntu SSL 2048-bit Key(Mar 23, 2010)
• RSA Authentication Weakness Discovered(Mar 05, 2010)
• How to: Set Up TrueCrypt Disk Encryption, Part 2(Mar 04, 2010)
• VeriSign Debuts New Online Trust Seal(Feb 24, 2010)