> of California whose unencrypted personal information > was, or is reasonably believed to have been, acquired > by an unauthorized person." It seems to me that the language used in this bill suggests that notification would be necessary if the unencrypted information _COULD HAVE BEEN ACQUIRED_ .... NOT that the unencrypted information itself was _TRANSMITTED_....so to me that says if there is a reasonable chance that the information that was stolen (even if encrypted) could be decrypted into plain text (either via a weak encryption scheme such as ROT13 or if there's evidence the keys were stolen as well), that it would need to be reported. I think this clears up some of your other questions as well. ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfihl1
This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 10:51:27 PST