Using Encryption Garners Exemption For Data Breach Notification
Combat Wombat writes with this excerpt from the Register: "New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer be obliged to notify clients of breaches."
If you wear your seatbelt, you don't have to buy auto-insurance, or report a crash you are involved with.
Because if everyone was wearing their seatbelt, it's impossible for anyone to have gotten hurt.
Basically the same logic behind not reporting a data breach, if encryption was used.
*Not even considering how secure the keys are, and whether the intruder might be able to have gotten some usable data.
Businesses that use encryption for communications rarely encrypt everything.
Congratulations, you're one of the few people that read the article or the document itself. My take on this is that if end-to-end encryption was used, meaning the actual files lost were still securely encrypted and the keys were not compromised, then the data owner does not have to report it as compromised data. Sounds reasonable to me.
The Act is also a huge motivator for these agencies to implement encryption in a secure manner, thereby avoiding the whole mess that happens every time a laptop gets stolen and they don't know what files were actually on it.
and I don't either. It's the key management that is the weak point. 10-to-1 the people who claim exemptions under this rule will lose a laptop in the same bag as the USB key that decrypts the whole mess...
There is actually a balance between the two. The Congresscritters need both votes and money to survive, so when an election is near, letter-writing campaigns can be very effective - it takes more effort to write a letter than most people are willing to put in (it is much easier just to punch the card next to the other guy's name) so a letter represents more potential votes than the letter writer alone.
Computers allow humans to make mistakes at the fastest speeds known, with the possible exception of tequila and handguns