Massachusetts recently became the 39th state to enact a data security breach notification law to deal with security breaches of personal information of Massachusetts residents.

In the law, “Personal information” is broadly defined to include a Massachusetts resident’s first and last name or first initial and last name in combination with any one or more of the following:

• Social Security number
• Driver’s license number or Massachusetts identification card number
• Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password that would permit access to a resident’s financial account; or
• A biometric indicator.

Important to note though, is that if the personal information involved was encrypted using 128-bit or higher algorithmic encryption and the encryption key was not compromised, notice of a security breach is not required.

Source: Boston Herald

More on Encryption & Data Security

Why Encryption Should be Part of Your IT Security Strategy
Encryption Basics
Whole Disk Encryption