Professional Provider of Enterprise IT Solutions

Unitiv Blog

Subscribe to Unitiv Blog: eMailAlertsEmail Alerts
Get Unitiv Blog via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Sarbanes Oxley on Ulitzer

Blog Feed Post

Storage and Data Encryption Law Compliance

it complianceIt’s a whole new world today when it comes to storage management, data encryption and compliance with regulations and laws. The new laws recently passed in both Nevada and Massachusetts, which require all personal data to be encrypted while in transit, has far-reaching effects in the storage world and the IT field at large. You need to be asking what these laws will demand from you and your organization, and then how you’re going to comply. While encryption technology is available on a wide basis, taking that technology and making it fit your organization can be a challenge.

The law is almost never as cut and dried as IT would like. In the case of this Nevada law, experts suggest that the statute is especially vague. Still, the laws don’t answer questions about IT implementations in and of themselves. It’s going to take some time in these two states for those requirements to be interpreted and understood.

Further, it’s not clear how far these laws will spread. In many cases, especially when it relates to technology, privacy legislation expands rapidly until, even if every state doesn’t implement a law, you can bet there will be those in Congress that will try to turn the issue national.

Here are some of the unknowns when it comes to the encryption of storage data, and what to watch for as these laws continue to be passed and as they play out across the country:

•    What data is covered? The laws in these two states don’t cover most information. They have to do with personal information that could, in theory, be used for the purpose of identity theft. So for now, you’re talking about things like financial account numbers, social security numbers, drivers license numbers and the like.

•    Does it include personal date in secure systems? In other words, if you have employee data on a secure server inside of your organization, or even in your storage archives, does that data still require encryption? Whether data transported inside the company should be encrypted will have farther-reaching implications than other issues.

•    Does the law apply only to networks? The laws usually speak of “electronic transmission,” but it doesn’t necessarily spell out what that means. Nevada’s law exempts faxes, but the Massachusetts law is intentionally broad, covering include "electrical, digital, magnetic, wireless, optical, electromagnetic or similar" media. It even names laptops and portable devices.

•    Who enforces these laws and how? Inside of a given state, it would fall to the Attorney General to enforce these laws. The AG would have to choose cases and bring them to legal action. This is going to be costly for any business caught in the crossfire. It’s very likely that the lawmakers hope this question will be incentive enough for organizations to oversee their own compliance tightly.

Obviously, the IT world is going to be watching to see what happens in Nevada and Massachusetts. Time will tell the tale of whether these encryption regulations are likely to spread.

Read the original blog entry...

More Stories By Unitiv Blog

Unitiv, Inc., is a professional provider of enterprise IT solutions. Unitiv delivers its services from its headquarters in Alpharetta, Georgia, USA, and its regional office in Iselin, New Jersey, USA. Unitiv provides a strategic approach to its service delivery, focusing on three core components: People, Products, and Processes. The People to advise and support customers. The Products to design and build solutions. The Processes to govern and manage post-implementation operations.