HP3000-L Archives

February 2003, Week 4

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: OT: OT: GLBA and service bureaus
From:
Donna Garverick <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 24 Feb 2003 10:24:57 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (39 lines) 
[log in to unmask] wrote:

> Basically, when a financial institution, such as a CU or an insurer, ftps
> their print output to a service bureau's public ftp server (but with their
> own account and password), does the data have to be encrypted?

increasingly, yes.

> If not, what obligation does either party have to ensure the security and
> privacy of said
> data?

obligation?  i don't know.  my guess is, however, if you don't 'play by the
rules' won't nobody 'play' with you :-)

i know hipaa is playing a significant role in all this.  for us/longs, most of
our business partners (that we ftp stuff to or from) are 'requesting' (don't
know how forcefully) us to encrypt our data before putting it on our/their
external ftp server.  that's probably the driving point -- *external* ftp
servers.

the need for encryption, i suspect, is why the list has seen a number of 'is
their encryption s/w for mpe' recently.  i wish there was....<sigh>          - d

--
Donna Garverick     Sr. System Programmer
925-210-6631        [log in to unmask]

Come, my friends, 'Tis not too late to seek a newer world.
Tho' much is taken, much abides; and tho'
We are not now that strength which in old days
Moved earth and heaven, that which we are, we are.
"Ulysses", A. Tennyson

>>>MY opinions, not Longs Drug Stores'<<<

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2