funsec mailing list archives
Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information
From: "Brian Loe" <knobdy () gmail com>
Date: Mon, 8 Oct 2007 18:10:36 -0500
On 10/8/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
Go ahead and try to get that to actually fly.
Its not difficult, you add a line to the law that says no PHI will be transmitted via FAX. My former employer spent roughly 50k on an encrypted e-mail solution, spending nothing to not use a FAX seems pretty easy.
And if it was encrypted on the wire, it would *still* have been faxing *encrypted* perscription info that then gets printed out in plaintext to a bank, and spending a day calling another bank to make them stop faxing *encrypted* personal info that then gets printed out in plaintext.
You're a genius. See my first point - disallow FAX transmissions of sensitive, personal information.
The problem isn't on the wire, the problem is at the *endpoints*. Changing the on-wire representation doesn't fix the endpoints.
That is the case whether you are dealing with FAX machines or e-mails or web interfaces. Someone prints the data off and leaves it on the printer; someone fails to lock their workstation; someone loses or has their laptop stolen. Once again we're back to the same obvious argument, we're limiting risk not eliminating it. _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information John Payton (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Brian Loe (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Valdis . Kletnieks (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Brian Loe (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Valdis . Kletnieks (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Brian Loe (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Valdis . Kletnieks (Oct 08)
- Re: [privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information Brian Loe (Oct 08)