Network Computing is part of the Informa Tech Division of Informa PLC


Analysis: Enterprise Key Management: Page 15 of 16

Do regulations like GLBA and SOX really mandate encryption? Get 20 lawyers and auditors in a room and you'll get 30 heavily conditional opinions, but here's our take.

GLBA may not explicitly mention encryption, but it does state that financial institutions have an obligation to protect the "security and confidentiality of ... nonpublic personal information." HIPAA likewise doesn't directly describe appropriate forms of encryption, but rather directs the Secretary of Health and Human Services to create specific guidelines to cover electronic health records. It does, however, specify that everyone who maintains or transmits health information must safeguard the data against, among other threats, "unauthorized uses or disclosures of the information." Certainly, good access controls and encryption would be the primary tools in following that directive.

SOX, on the face of it, doesn't relate to information technology. Originally written to mandate best practices in corporate business and accounting after markets were shaken by the Enron and WorldCom scandals, SOX does specify that IT controls must be in place on the systems that some large organizations use in the process of submitting financial data.

The twist in the midst of all these regulations requiring data be protected from accidental disclosure is the directive that companies be able to gather and disclose data, fast, when directed to by the courts.

The Federal Rules of Civil Procedure, set by the Supreme Court and approved by Congress to govern how federal civil cases should proceed, were updated in December 2006 to include e-discovery provisions that seem to mandate a guilty-unless-you-produce-the-evidence scenario. Because digital evidence is so easily manipulated, lost and expunged, under the new procedures, losing keys to encrypted content would be a quick way to run afoul of the law.