From a reader:
With the Nevada data protection regulation and upcoming Massachusetts data protection law, we're looking for a checklist of encryption issues we should raise as we begin to look at vendors.
What are some red flags to look for as we talk/negotiate with vendors?
What are reasonable service/support demands that we can make?
Any other help?