RE: Congress needs to get punched in the face!


Decius
Topic: Miscellaneous 1:14 pm EDT, Sep 21, 2009

lonew0lf wrote:
Congress is going to give health care entities an exception to notify people if they get broken into as long as they use cryptography.

A large percentage of compelled data breach notifications involve accidental data loss - an employee loses their laptop or some backup tapes get misplaced and no one can account for them. If in such cases the data was properly encrypted, it hasn't necessarily been exposed. I think it's reasonable for the state to allow entities to forgo notifications in these cases. These kinds of exceptions give these entities a reason to invest in encrypting data at rest and they have motivated large-scale adoption of encryption in corporate environments in recent years.

The question is - exactly what kinds of encryption are considered adequate. The Federal Register notification linked through this article says "The guidance specified encryption and destruction as the technologies and methodologies for rendering protected health information, as well as PHR identifiable health information under section 13407 of the Act and the FTC’s implementing regulation, unusable, unreadable, or indecipherable to unauthorized individuals such that breach notification is not required. The RFI asked for general comment on this guidance as well as for specific comment on the technologies and methodologies to render protected health information unusable, unreadable, or indecipherable to unauthorized individuals."

If this is something that concerns you, I'd suggest digging up that guidance and checking to see if you think the requirements are adequate.
