Anthem Blue Cross, one of the nation's largest health insurance providers, revealed yesterday that its computers had been hacked, resulting in access to the records of millions of customers. This information included birthdays, Social Security numbers, addresses, and lots of other data that would be great if you wanted to steal someone's identity.
The Wall Street Journal reported that Anthem didn't encrypt the data that it kept in its own systems, which is really a rookie mistake. Sure, the law didn't require Anthem to encrypt the data, but that's no excuse. If your company is already encrypting data, good for you! You get a sticker. But if the company isn't, it's time to take a walk with the CTO and explain why you should.
Here are three things in-house lawyers should know about encryption: