September 1, 2009 at 7:08 am
I got this from a third party, but thought I'd pass it along. You can look up the regs if you want to verify. It's a webcast regarding the new Mass. state regulations regarding data retention and protect.
http://www.sophos.com/sophos/docs/eng/webseminars/mass-state-regulations.swf
Something for all DBAs to think about. The most salient point? Even if you don't do business in MA, so long as you store private information for any resident of MA, you are required to obey the state regs regarding that data. And you CANNOT allow the use of Vendor Default Password.
That affects quite a bit of third party apps. I wonder how the vendors are going to deal.
September 1, 2009 at 7:59 am
Excellent! This should be required in all companies and governments.
September 3, 2009 at 7:43 am
Thanks for posting that. I hadn't heard.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
September 3, 2009 at 8:16 am
You're welcome. Like I said, though, it's third party so anyone who has real concerns should go look up the actual legislation.
September 3, 2009 at 9:54 am
Good information indeed.
Another one to add to the pile with Cal. Privacy, Sox, and PCI.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
September 3, 2009 at 10:10 am
As an aside, while I think its a good idea I'm a little fuzzy on the legality. Mass. is interfering in interstate commerce and unless you have a building in Mass. you generally are not subject to their laws, regardless of what Mass. says. Only the federal government has the right to do this. Thoughts?
CEWII
September 3, 2009 at 10:20 am
It goes to the protection of the consumer and their private data. Any person doing business in another state needs to protect the consumer data that resides in that state. Even when doing business across state lines, you need to adhere to the commerce laws of each state.
California Privacy Act does the same sort of thing. If I have a database with any California consumers in it, my database needs to adhere to the CPA.
Another example is that of NBA players. NBA Players have to pay the state tax in many cases of the state where the game is being played - or so I have read on a blog from one of the teams.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
September 3, 2009 at 10:42 am
Elliott W (9/3/2009)
As an aside, while I think its a good idea I'm a little fuzzy on the legality. Mass. is interfering in interstate commerce and unless you have a building in Mass. you generally are not subject to their laws, regardless of what Mass. says. Only the federal government has the right to do this. Thoughts?CEWII
Well, Mass recently tried to tax purchases made outside their state lines... so, I wouldn't be surprised if they're trying to manage other people's business too.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
September 3, 2009 at 10:44 am
The NBA players one doesn't really help because they were actually IN the state..
If my database resides in MY state (which isn't Mass) what is their claim. I see it kind of like the IRS cases where the courts ruled that unless you had a nexus in that state online sellers aren't liable for sales tax. Where nexus was more or less defined as a physical presence, an office, or a shipping depot, something tangible.
I'm not disagreeing that it is a good practice. I'm just questioning their legal rationale in how they can subject a party outside of their control to their law.
I continue to argue that neither CA or MA have the legal right, by our Constitution, to set the laws for any other state. Which is what they are doing.
Using this rationale I would have to know the laws of every state and potentially every city that I could do business in, thats crazy. That is the reason the federal government was given the power to regulate such things (by the Constitution) so that there would be one coherent (well...) law to follow instead of 50 or 1000.
Also, just a few years ago, the courts ruled that federally chartered banks are NOT subject to state banking laws. Some states had barred ATM fees and the banks balked, so they took it to court. The state banks are bound by the rule, the federal ones aren't. Look it up.
I'd like to see some case law on this to see how the courts have ruled.
CEWII
September 3, 2009 at 10:52 am
Grant Fritchey (9/3/2009)
Well, Mass recently tried to tax purchases made outside their state lines... so, I wouldn't be surprised if they're trying to manage other people's business too.
What, the Libs in MA aren't satisfied with running the lives of the people in their state? They have to try and run everyone else's?
September 3, 2009 at 11:15 am
Elliott W (9/3/2009)
Grant Fritchey (9/3/2009)
Well, Mass recently tried to tax purchases made outside their state lines... so, I wouldn't be surprised if they're trying to manage other people's business too.What, the Libs in MA aren't satisfied with running the lives of the people in their state? They have to try and run everyone else's?
With great regret... no comment.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
September 3, 2009 at 11:33 am
MA has the right to say who can do business in their state. By extension, that means they can require those companies to require any sub-contracted vendors to follow these regulations. For example, a hospital in MA stores their data out of state at a server farm. The server farm vendor is required to abide by MA laws because the hospital is required to abide by MA laws AND verify that their vendor is abiding by those laws.
This doesn't actually violate Interstate Commerce Laws, much as you might think otherwise. Especially since it won't be long before the Fed jumps on the bandwagon and starts doing the same thing. I'm pretty sure bills have been introduced before, but I'm unsure of whether or not they've gotten out of committee.
Thing is, the Fed only tries to regulate when the States make a hash out of it (i.e., everyone's doing something completely different), the constituants make a federal case (literally) out of an issue, the lawmakers were seriously burned (see current financial crisis), or nobody else is doing anything. So we might not actually see action from the Fed on this for a decade or more. Especially if the state governments go this way en masse. Why should the Fed have to worry about it?
I also don't see this type of thing being thrown out by the U.S. Supreme Court. Not unless something seriously funky is hidden inside the legislation.
September 3, 2009 at 11:40 am
Steve Jones - Editor (9/1/2009)
Excellent! This should be required in all companies and governments.
Personal Data SET algebra required Massachusetts was listening.
😎
Kind regards,
Gift Peddie
September 3, 2009 at 11:42 am
Grant Fritchey (9/3/2009)
Elliott W (9/3/2009)
As an aside, while I think its a good idea I'm a little fuzzy on the legality. Mass. is interfering in interstate commerce and unless you have a building in Mass. you generally are not subject to their laws, regardless of what Mass. says. Only the federal government has the right to do this. Thoughts?CEWII
Well, Mass recently tried to tax purchases made outside their state lines... so, I wouldn't be surprised if they're trying to manage other people's business too.
Don't confuse enforceable vs on the books. There are lots of states requiring usage taxes (a.k.a sales tax on out of state vendors) be paid. Some pound on the vendors to pay it, some require the customers to report these on their tax returns. Pennsylvania and New Jersey are ones I know of doing that.
Most states haven't been able to enforce those rules yet. Of course - they're finally getting automated enough that you may see it start to happen.
*cough* pay cash *cough*
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
September 3, 2009 at 11:47 am
Matt Miller (9/3/2009)
Grant Fritchey (9/3/2009)
Elliott W (9/3/2009)
As an aside, while I think its a good idea I'm a little fuzzy on the legality. Mass. is interfering in interstate commerce and unless you have a building in Mass. you generally are not subject to their laws, regardless of what Mass. says. Only the federal government has the right to do this. Thoughts?CEWII
Well, Mass recently tried to tax purchases made outside their state lines... so, I wouldn't be surprised if they're trying to manage other people's business too.
Don't confuse enforceable vs on the books. There are lots of states requiring usage taxes (a.k.a sales tax on out of state vendors) be paid. Some pound on the vendors to pay it, some require the customers to report these on their tax returns. Pennsylvania and New Jersey are ones I know of doing that.
Most states haven't been able to enforce those rules yet. Of course - they're finally getting automated enough that you may see it start to happen.
*cough* pay cash *cough*
No, no. They went across state lines to get a list of customers from a tire company in order to identify the customers that came from MASS so that they could go and collect from them... They lost the case on appeal. I'm not just talking about the law that requires you to come home from vacation and pay taxes on anything you purchased while you were away. These guys were trying to get serious, but were handed their heads in court. Good thing too.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
Viewing 15 posts - 1 through 15 (of 31 total)
You must be logged in to reply to this topic. Login to reply