California Laws re: user data, in databases, on websites
J_Maxwell
Dec 08, 2003 11:37 AM
Hello,
I don't know if all of you have heard, but California just implemented a law that says that if you store unencrypted data about a user in a database, you have to notify them by email or mail within 10 days.
I know the easiest way to get around this is not to store user data on a website. However, that completely shoots down all hopes for creating a member 'focused' website, remembering their past shipping data, etc. Do you have any words of advice in this area?
Thanks,
Joseph Maxwell
dave
Dec 08, 2003 12:49 PM
Joseph,
The law actually doesn't require you to notify your users if you store their data. Rather, the law requires you to notify your customers if the following two conditions are met:
1) You are storing their information unencrypted
AND
2) Your servers were recently compromised.
Further, it doesn't look like physical address is what they are talking about here, but rather account, credit cards, social security, driver's license, etc.
This is the reason why I refuse to allow any of my customers to store their customers' credit card information on the server (even when encrypted, I think it's just plain dangerous to have that information anywhere on my servers).
So, if you aren't collecting and storing this specific information, then you've got no problem.
Reference: www.digitaledge.org
Dave
J_Maxwell
Dec 08, 2003 2:25 PM
Ahh, thanks! I appreciate the clarification!
Thanks,
Joseph