Tag Archives: encryption

What Happens in Vegas Really Does Stay in Vegas (Unless It Is Encrypted)

By Brendon Tavelli on June 19th, 2009 Posted in Data Privacy Laws

S.B. 227, which becomes effective on January 1, 2010, will require encryption of all personal information leaving the “logical or physical controls of the data collector,” including electronic data on a “data storage device.”

Decrypting HHS Guidance on Breach Notification and Security under the HITECH Act: NIST, FIPS, and More

By Sara Krauss on June 5th, 2009 Posted in Medical Privacy, Security Breach Notification Laws

Two months after Congress mandated notification for the breach of unsecured protected health information (PHI), the Secretary of Health and Human Services (HHS) defined what it means to be “unsecured.” As required by Section 13402 of the HITECH Act, H.R. 1, 111th Cong. (1st Sess. 2009) (which was part of the American Recovery and Reinvestment Act of 2009), the Secretary issued guidance and a request for comments on the technologies and methodologies rendering information unusable, unreadable or indecipherable. 74 Fed. Reg. 19006 (Apr. 27, 2009) (to be codified at 45 C.F.R. pts. 160, 164).

Massachusetts Regulators Postpone Compliance Deadline and Issue Revised ID Theft Regulations

By Brendon Tavelli on February 13th, 2009 Posted in Data Privacy Laws

On Thursday, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) revised and postponed — for the second time — its comprehensive data security regulations. The new deadline for all covered entities to achieve full compliance with the Massachusetts regulations is January 1, 2010.

UK Court Parts with US Court regarding Compelled Disclosure of Encryption Keys

By Proskauer Rose on October 31st, 2008 Posted in International

On October 9, in the case R v. S and A [2008] EWCA Crim 2177, the Criminal Division of the England and Wales Court of Appeal held that requiring criminal defendants to disclose an encryption key allegedly protecting criminal materials does not violate the privilege against self-incrimination under U.K. law or Article 6 of the… Continue Reading

Leaving Las Vegas . . . IF Encrypted

By S. Montaye Sigmon on September 24th, 2008 Posted in Data Privacy Laws

A Nevada law requiring encryption of customer personal information goes into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970 (2007). While the legislation is short in length, it is potentially wide-ranging in scope. In particular, the legislation requires any “business in this State” to encrypt an electronic transmission (other than via facsimile) of “any personal information of a customer” to “a person outside of the secure system of the business unless the business uses encryption to ensure the security of the electronic transmission.” Id.