The states of Nevada and now Massachusetts require that holders of personal information must encrypt that information. Nevada imposes this requirement on businesses with respect to some kinds of information — names associated with social security numbers or various other kinds of access codes. Massachusetts imposes the requirement on everybody and applies it to storage on mobile devices and transmission through open networks.
A memo by the Chicago firm of Wildman Harrold describes both laws and gives citations.
Do we need this kind of rule in Canada? PIPEDA and its provincial counterparts require holders of personal information to keep it . . . [more]