Massachusetts Passes Sweeping Data Security Law
By Deane Barker | April 28, 2010 | 2 Comments
A New Law that Will Change the Way You Build Database Applications: Whoa. I’ll be fascinated to see how this develops. If it’s valid, and it stands, it will have a significant effect on how any nationally-scoped app is built.
If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it’s persisted. Sending PII over HTTP instead of HTTPS? That’s a big no-no. Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You’ll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted, that’s $5,000,000. Yikes.
Comments
- The scope of reengineering needed would surpass Y2K if this is as described. Can’t store or send first and last name in the clear? Yikes indeed!
- Wow… is Mass the first to do this? I wonder if other states will follow.