> This also refers to NIST SP-800-111.
>
Thank you for the clarifications.
> > It looks more like if your data at rest is encrypted (ie server hard
> > drives), you're better protected under the law from penalties. But it's
> > not mandatory yet.But it sounds like I would want to encrypt my
On Wed, May 22, 2013 at 03:44:38PM PDT, Steven Kurylo spake thusly:
> There are more articles than these ones, but for example:
> http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html
This one seems to be concerned with breach notification. If you lose an
en