Posted by: Margaret Rouse
Compliance, consumer protection, data encryption, Mark Wright, Massachusetts 201 CMR 17.00, Privacy
|“Massachusetts is taking data encryption regulation to the next level by actually defining what is meant by encryption, and this definition includes all data that is in transition, in storage and on portable devices.”
Mark Wright, The Evolution of Data
From 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH / Definitions section
“Encrypted,” transformation of data through the use of a 128-bit or higher algorithmic process, or other means or process approved by the office of consumer affairs and business regulation that is at least as secure as such algorithmic process, into a form in which there is a low probability of assigning meaning without use of a confidential process or key.