GLBA, the new id theft regs, and other federal and state privacy regulations require non-public personal information (NPPI) be protected from unauthorized access at all times. These regulations place constraints on how data is stored, processed, and transmitted.
The FFIEC Information Security Booklet states that financial institutions should “employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit.”
Per recent interpretations of GLBA, “password protection of this data is not sufficient to mitigate the risks – encryption technology must be used to secure the exchange of NPPI over a public network.”
If your tapes are lost or stolen en route or once they arrive at their final destination, encryption would give you comfort that the data is protected. To reduce regulatory risk and reputation risk, I would highly encourage encryption.
Last edited by DerrickAuditor; 09/13/08 01:02 AM.