[wp-hackers] Privacy issues & encryption of data

Otto otto at ottodestruct.com
Tue Nov 19 17:42:58 UTC 2013


On Tue, Nov 19, 2013 at 11:35 AM, Jeff Rose <jeff at jeffrose.ca> wrote:
> Through my 9-5 job yesterday, I was informed that beginning next year, the
> state of California (maybe others) will require more personally
> identifiable information stored in websites to be encrypted.
>
> This includes usernames, email addresses and even first & last names, which
> WordPress stores in clear text.
>
> This not only affects sites located in California, but also those who may
> have users FROM California.
>
> I'm wondering if anyone has thoughts (not to be taken as legal advice) on
> how to handle this in WordPress, or if WordPress core will address this.


If it's a California law, then it realistically only affects people
living in California. If I don't encrypt, then California cannot do
anything about it because they lack jurisdiction over me.

But I did a quick search and I cannot seem find any such law. There
was a report in July about California possibly passing such a law, but
the articles on it were short on specific details. Certainly, there
are existing laws to protect information such as social security
number, healthcare info, etc, but "name+email" isn't one of those
things covered by existing law I can find.

Obviously, if such a law exists and affects any significant portion of
the userbase, then WordPress will address it appropriately. But we'd
need more information than rumors. Laws are written down, so I should
be able to find it and read it, if it exists at present.

-Otto


More information about the wp-hackers mailing list