Posted on January 9, 2008 by David Navetta

New Jersey Security Requirements (including encryption of personal information)

A proposed New Jersey regulation that may be come law in 2008. It has very specific requirements around encryption of personal information at rest and in transit. In particular, if these rules pass organizations would be required to encrypt according to the Federal Information Processing Standard (FIPS) recommended standard, which is the Advanced Encryption Standard (AES) 128-bit to 256-bit. This law also has 20 other fairly specific security requirements.

How will these specific requirements related to other State, Federal, International security requirements? Do the specifics in this regulation harken a movement away from a "technology neutral" approach to information security regulation?

Tags: , , ,
Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.infolawgroup.com/admin/trackback/163559
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.