Hacker News new | comments | ask | show | jobs | submit login

I'm not a lawyer, but it seems like complying with this law would preclude compliance with HIPAA, ISO 9001, various NSA-IAD directives, etcetera. Compliance with standards like those is often written into government contracts and sometimes required by statute or policy.

If this law passed in its current form, wouldn't entire industries have to choose which laws to break when storing data?

I was wondering about this, but the data can remain encrypted and compliant as long as it's ultimately accessible by court order. I then assume the existing laws regarding courts accessing private health data apply.

There's no stipulation that data needs to be decryptable by the party holding it, is there? If the law passes in its current form, we'll probably see a slew of client-side encryption and secure multiparty computation offerings from providers.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact