CC and SSN encryption


RE: CC and SSN encryption Joe from WI
12/5/2005 11:13:03 AM
It can depend on what type of data it is. For example, if these are SSN in
medical records or health care claims, then HIPAA regulations would be in
effect. There can be other industry specific regulations such as banking,
etc. I don't know of any general encryption requirements in any law for the
storage of data.

Usually if there is a law, it requires the keeper of the data to protect
access to the data. Other laws such as HIPAA go a bit further and require you
to log who, what, where, when and how the data was accessed.

Hope that helps,
Joe

Re: CC and SSN encryption JT
12/5/2005 1:59:31 PM
The following is a FAQ concerning the PCI and CISP standards for encrypting
CC numbers.
http://www.patownsend.com/VisaPCI-CISP.htm
Federal legislation such as SOX, HIPAA and GLBA also have regulations for
how such information is stored and how it can be shared with 3rd parties.
However, some of these regulations, such as SOX compliance, only apply to
publicly held companies.


CC and SSN encryption Kay
12/5/2005 11:46:50 PM
All,

Is there any law enforced by regulatory bodies to encrypt

1. Credit Card info
2. SSN

I need some document on it, which I can use for my presentation to my
management. Any US Bills' text can also be useful.

TIA

Re: CC and SSN encryption JT
12/6/2005 8:57:47 AM
I don't see how SSN and credit card numbers could be related to eLearning;
except perhaps in a peripheral way when the user pays for the service, but
that would be more related to eCommerce.


Re: CC and SSN encryption Joe from WI
12/6/2005 11:56:03 AM
Just like Jay, I don't see what SSN and CC have to do with eLearning.

If you are accepting credit cards for payments, you may be bound by your
credit card agreement. I don't know of any federal law relating to
eCommerce. Now, if you're a financial institution, credit card company, etc.,
that's a whole other story.

I suggest you contact the financial institution that services your merchant
account or the company that handles your credit card processing for specific
rules.

BTW, I coded an ecommerce site that used a third party credit card
processing company. All we stored in the database was the last four digits
of the cc number and the approval code. The secured web pages, cc
processing, etc. took place at the third party site.

If there is a law either now or in the future, it will undoubtedly be like
HIPAA. You'll have to have comprehensive written procedures outlining how
you protect confidential information from access to the physical hardware
(how do you control who enters the computer room? do they have to swipe a
badge in and out? etc.), how you handle backup media (are tapes stored in
a bank vault or secure location?), network security (does each user have a
separate login with a strong password?), database security, table security,
column security, stored procedure execution rights, etc. Who can access the
data, how do they access the data, when do they access it (i.e. audit log of
who accesses cc, ssn, etc., when, how, for what purpose.) If you encrypt data,
how do you do it? Do you use keys? Where are the keys kept? How often do
you review internal procedures and training of personnel?

An example is: User \\Wkstn1\JDoe ran stored procedure usp_Select_All_CC on
12/05/2005 at 1:45 PM at ip address 192.168.1.101 using application "Credit
Application".

Get the gist? Most laws require you to prove that you were taking
reasonable precautions to protect and safeguard the data. Treat ssn, cc,
etc. like you would salary information. Would you want your salary in a
table that anyone could access on the server by running a simple query?
Probably not. Salary information is usually stored in a separate table,
sometimes in a separate database, and in larger companies often stored on a
separate computer. Usually only authorized people are allowed to access
salary information and usually only for "approved" purposes or bona fide
business reasons--not just because they are curious about what someone is
making.

Hope that helps,
Joe
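As an added illustration of the pattern Joe describes (not code from the thread or from any poster): a SQL Server 2005 T-SQL sketch where the payment table holds only the last four digits and the approval code, and every read goes through a stored procedure that writes the who/what/where/when/how audit row first. Table, procedure, column and role names are assumed.

```sql
-- Added example: minimal audited access to card data in SQL Server 2005.
-- All object names (dbo.CardPayment, dbo.SensitiveAccessLog,
-- dbo.usp_Select_CardLast4, role AppUsers) are assumed for illustration.
CREATE TABLE dbo.CardPayment (
    PaymentID    INT IDENTITY PRIMARY KEY,
    CustomerID   INT NOT NULL,
    CardLast4    CHAR(4) NOT NULL,          -- never the full card number
    ApprovalCode VARCHAR(20) NOT NULL,      -- returned by the third-party processor
    PaidOn       DATETIME NOT NULL DEFAULT GETDATE()
);

CREATE TABLE dbo.SensitiveAccessLog (
    LogID      INT IDENTITY PRIMARY KEY,
    LoginName  NVARCHAR(256) NOT NULL,      -- who
    ProcName   NVARCHAR(256) NOT NULL,      -- what
    HostName   NVARCHAR(128) NULL,          -- where: client workstation
    ClientIP   VARCHAR(48)   NULL,          -- where: client network address
    AppName    NVARCHAR(128) NULL,          -- how: application name
    AccessedOn DATETIME NOT NULL,           -- when
    Purpose    NVARCHAR(200) NULL           -- why, supplied by the caller
);
GO

-- The only sanctioned path to card data: log the access, then return rows.
CREATE PROCEDURE dbo.usp_Select_CardLast4
    @CustomerID INT,
    @Purpose    NVARCHAR(200)
AS
BEGIN
    SET NOCOUNT ON;

    INSERT INTO dbo.SensitiveAccessLog
        (LoginName, ProcName, HostName, ClientIP, AppName, AccessedOn, Purpose)
    SELECT SUSER_SNAME(), OBJECT_NAME(@@PROCID), HOST_NAME(),
           c.client_net_address, APP_NAME(), GETDATE(), @Purpose
    FROM sys.dm_exec_connections AS c
    WHERE c.session_id = @@SPID;

    SELECT PaymentID, CardLast4, ApprovalCode, PaidOn
    FROM dbo.CardPayment
    WHERE CustomerID = @CustomerID;
END
GO

-- Application users get EXECUTE on the procedure only; no direct SELECT
-- on dbo.CardPayment, so every read leaves an audit row behind.
GRANT EXECUTE ON dbo.usp_Select_CardLast4 TO AppUsers;
```

With this in place, a row in dbo.SensitiveAccessLog reads much like Joe's sample entry (login, procedure name, workstation, IP, application, time), and reviewing that table answers the "who accessed cc data, when, how, and why" question the regulations ask.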

Re: CC and SSN encryption Kay
12/6/2005 5:59:58 PM
Basically data is related to eLearning.
-Kay


Re: CC and SSN encryption Kay
12/6/2005 6:00:23 PM
Basically data is related to eLearning. So what Law says about this domain?
-Kay




Re: CC and SSN encryption Mike C#
5/17/2006 9:12:28 PM
FACTA (S.E.C.)

