Securing Cloud and Mobility by Ian Lim, E. Coleen Coolidge, Paul Hourani

Encryption is driven by compliance requirements and data threats. Senate Bill 1386, which became effective on July 1, 2003, mandated that notification must be made to California residents if there is reasonable cause to suspect the breach of their unencrypted personal information. The operative word is unencrypted. Many companies have moved to encrypt personal information to avoid the hefty costs and reputational damage of breach notification. The Health Information Technology for Economic and Clinical Health Act (HITECH) enacted in 2009 to complement the Health Insurance Portability and Accountability Act (HIPAA) has encryption implications. Similar to SB1386, HITECH requires breach ...