The Solution to State Mandated Encryption


Thought Leadership

The Solution to State Mandated Encryption

Neil Farquharson

Connecticut lawmakers have begun pushing for a mandate that would improve the state’s cybersecurity standing by requiring vendors to encrypt all personal data stored and transmitted as a condition of entering into a contract with the state.

According to an article in Government Technology, businesses also would have to enable stronger password protections and control how much personal identifying information can be downloaded at one time, to help mitigate damage in the event any data is stolen. Ultimately, this should help Connecticut become a safer state in which to live and do business in.

If the mandate passes, Connecticut would join Maryland and New Jersey as states requiring customer data encryption.

At this point, encryption needs to be mandated on a state-by-state basis. Connecticut Senate Majority Leader Bob Duff, (D-Norwalk) hopes that legislative action by one or more states could prompt additional action by the federal government, but that likely won’t happen anytime soon:

“Unfortunately, as we all know too well, Washington has become dysfunctional,” Duff said. “Washington is unable to function in a quick manner – something that is necessary with the fast moving field of technology. The responsibility has fallen to the states.”

Until Washington decides to take action, states will need to find a workable solution that is cost-effective and offers the highest level of protection. Duff explained to Government Technology that the burden of encryption could be difficult on small companies that, in order to comply, would need to spend 20 percent or more in computer and software costs.

So what’s the best solution?

One option is for states to require vendors and businesses to join an email encryption network that would allow seamless communication within the state, and beyond. As states begin to mandate encryption, there would be a common encryption platform that could eventually be the standard encryption model used by businesses across all 50 states.

The Zix Encryption Network is already used by over 11,500 companies including 1 in 4 American banks, 1 in 5 U.S. hospitals, all U.S. federal financial regulators, the U.S. Securities & Exchange Commission and more than 20 state financial regulators.

If states are going to mandate encryption, why not ask them to join a network that’s already used by a large number of national and state-wide businesses and regulators?

Not only does joining the same network provide convenience by having all businesses on the same platform – eliminating passwords and portals – but it’s also one of the most affordable options out there since it can be scaled to any size business.

At Zix, we fully advocate and support the decision to mandate encryption at both the state and national level. While encryption isn’t a solve all, it is part of an imperative need to step up our game when it comes to the protection of American citizens and businesses.