[log in to unmask] wrote:
> Basically, when a financial institution, such as a CU or an insurer, ftps
> their print output to a service bureau's public ftp server (but with their
> own account and password), does the data have to be encrypted?
increasingly, yes.
> If not, what obligation does either party have to ensure the security and
> privacy of said
> data?
obligation? i don't know. my guess is, however, if you don't 'play by the
rules' won't nobody 'play' with you :-)
i know hipaa is playing a significant role in all this. for us/longs, most of
our business partners (that we ftp stuff to or from) are 'requesting' (don't
know how forcefully) us to encrypt our data before putting it on our/their
external ftp server. that's probably the driving point -- *external* ftp
servers.
the need for encryption, i suspect, is why the list has seen a number of 'is
their encryption s/w for mpe' recently. i wish there was....<sigh> - d
--
Donna Garverick Sr. System Programmer
925-210-6631 [log in to unmask]
Come, my friends, 'Tis not too late to seek a newer world.
Tho' much is taken, much abides; and tho'
We are not now that strength which in old days
Moved earth and heaven, that which we are, we are.
"Ulysses", A. Tennyson
>>>MY opinions, not Longs Drug Stores'<<<
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|