Don’t panic. SQL Server magazine published “A New Law Could Change the Way You Build Database Applications” a few days ago which gives the initial impression that all of us in the industry have a lot of work to do to comply with Massachusetts’ new legislation on personal information security.
Commenters on Slashdot and reddit were quick to label the piece as much too light, considering the kind of damage identity theft can cause.
It’s annoying that it has been implemented at a US state level (if all states enacted similar legislation, you’d have 50 different sets of rules to keep track of), but the law itself seems sane to me. As our sysadmin succinctly put it: “It looks like a sudden outbreak of common sense.”
If you are in the business of handling confidential personal information and don’t already have a “Written Information Security Plan”, you should probably look into drafting one. The Massachusetts Office of Consumer Affairs and Business Regulation has also done a pretty good job of providing supporting information to help people comply with the new regulations.
Aside: If you’re interested in encryption, Mike Ivanov has put together some great posts on Python cryptography.
Tags: compliance, data security, databases, encryption, information security, massachusetts law