Answer:
I think the guidance indicates that this may be warranted depending on your risk assessment. If, in the process ofdoing your risk assessment, you find that the data is deemed to be extrememly sensitive and the system is deemed to be vulnerable to unauthorized access, then encryption of the data while stored on the internal system may be called for.
First published on BankersOnline.com 7/2/01