[ic] User options
Mike Heins
mike at perusion.com
Thu Apr 6 12:25:45 EDT 2006
Quoting Kevin Walsh (kevin at cursor.biz):
> Peter <peter at pajamian.dhs.org> wrote:
> > under state laws in California and
> > many other states and under a proposed Federal law, if your customers'
> > private data is compromised in an attack on your servers you are
> > required by law to notify everyone who might have had their data
> > compromised. If the attacker only got encrypted data but cannot decrypt
> > it then there's nothing that was compromised.
> >
> Not true. If the customer's name, address and telephone number etc. is
> not considered private then their list of previous orders certainly is.
>
> If your server got cracked then you'd have a lot of explaining to do to
> a lot of people.
IANAL, but the way we interpret the laws is that if you don't collect
* Birthdate
* Social Security Number
* Passport number
* Mother's maiden name or other such identity data
* Driver's License number
* Credit card data
* Biometric data including height/weight
* Medical history
then the requirements are a lot less onerous.
We have implemented some sites which store this type of data
but which encrypt it.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
One conclusion should be obvious: If nations such as Indonesia,
Bangladesh and Thailand can not make themselves inoffensive to Militant
Islamism there is no way that the United States could perform such a
feat, no matter which policies we changed or how much our public
diplomacy improved. -- Clifford May