Folks, The InfoWorld article referenced by the SQL Serer Magazine guy now states:
"This story was updated on April 20. Massachusetts does not require that written information security programs be filed at this time, just that they exist."
Not only that, but he's incorrect about the encryption being required on *servers*. Again, the InfoWorld article as originally referenced talks about in-place encryption on "laptops and other portable devices". Yes, "PORTABLE DEVICES".
Servers should of course be in a *locked closet*. In-place encryption is not a requirement of the law.
--
IANAL
Slashdot Mirror
Folks, The InfoWorld article referenced by the SQL Serer Magazine guy now states: "This story was updated on April 20. Massachusetts does not require that written information security programs be filed at this time, just that they exist." Not only that, but he's incorrect about the encryption being required on *servers*. Again, the InfoWorld article as originally referenced talks about in-place encryption on "laptops and other portable devices". Yes, "PORTABLE DEVICES". Servers should of course be in a *locked closet*. In-place encryption is not a requirement of the law. -- IANAL
http://hardware.slashdot.org/article.pl?sid=06/12/ 06/027228
I think posting on Slashdot is a good way of creating awareness...