I phoned a security professional friend the other day to discuss e-mail encryption implementation and she brought up an interesting question. The new Massachusetts data privacy law (aka CMR 201 17) requires that:
So here are a few scenarios in question:
As I understand it, less than 10% of all e-mail is encrypted today, even at organizations that have e-mail encryption deployed. If scenario #1 is true, then e-mail encryption must become an e-mail staple, since a high percentage of internal e-mail messages would have to be encrypted. If scenario #2 is true, then e-mail encryption gateway solutions don't meet the compliance requirement, because a gateway only encrypts mail as it leaves the organization. That would mean new deployments of e-mail encryption clients and potentially CAs, PKI, revocation lists, digital certificates, etc.
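To make the gateway-versus-client distinction concrete, here is an added illustration (not code from the original post) that models which hops on a message's delivery path handle the body in cleartext, depending on where encryption is applied, and checks each deployment under the two readings of the requirement above. The hop names and the two delivery paths are constructed for the example.

```python
# Added illustration: where an e-mail body is cleartext along its path when
# encryption is applied at a boundary gateway versus in the sender's client.
# Hop names and paths are constructed for this example.

# Hops that sit inside the organization's own network.
INTERNAL_HOPS = {"sender_client", "internal_mta", "gateway", "coworker_client"}

# Constructed delivery paths. An internal message never crosses the gateway.
PATH_INTERNAL = ["sender_client", "internal_mta", "coworker_client"]
PATH_EXTERNAL = ["sender_client", "internal_mta", "gateway",
                 "internet", "recipient_mta", "recipient_client"]


def cleartext_hops(path, encrypt_at):
    """Hops that handle the body in clear when encryption happens at `encrypt_at`.

    The encrypting hop itself receives cleartext; every hop downstream carries
    ciphertext until the final recipient decrypts it. If the encrypting hop is
    not on the path at all (an internal message never reaches the boundary
    gateway), the body travels in clear the whole way.
    """
    if encrypt_at not in path:
        return list(path)
    return path[: path.index(encrypt_at) + 1]


def compliant(path, encrypt_at, internal_counts):
    """Check a deployment against one reading of the requirement.

    internal_counts=False: only hops outside the organization must never see
    the body in clear (the reading under which a gateway is enough).
    internal_counts=True: no hop between sender and recipient may see the body
    in clear, even one cubicle away. The two endpoints are exempt: the sender's
    client is where the message is written and the recipient's is where it is
    decrypted.
    """
    endpoints = {path[0], path[-1]}
    for hop in cleartext_hops(path, encrypt_at):
        if hop in endpoints:
            continue
        if hop in INTERNAL_HOPS and not internal_counts:
            continue
        return False
    return True


def compare_deployments():
    """Return {(path_name, encrypt_at, internal_counts): compliant?} for both
    deployments, both paths and both readings of the requirement."""
    results = {}
    for path_name, path in (("internal", PATH_INTERNAL), ("external", PATH_EXTERNAL)):
        for encrypt_at in ("gateway", "sender_client"):
            for internal_counts in (False, True):
                results[(path_name, encrypt_at, internal_counts)] = compliant(
                    path, encrypt_at, internal_counts)
    return results


if __name__ == "__main__":
    for key, ok in sorted(compare_deployments().items()):
        print(f"{key[0]:8} encrypt_at={key[1]:13} internal_counts={key[2]!s:5} -> {ok}")
```

Under the reading where only external transit matters, the gateway passes on both paths; under the reading where internal transit counts, it fails on both, because the internal MTA (and, for external mail, the gateway itself) handles the body in clear. Encrypting in the sender's client passes under either reading, which is the deployment the post says would then become necessary.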
I don’t know whether either scenario is true so I’d appreciate reader comments and opinions. Thanks.
Tags: email, encryption, MA CMR 201 17
Yes, PII and PCI must be encrypted, no matter how far the data travels, even one cubicle. Look at PGP for email encryption.