Adobe Systems LifeyCycle Policy Server, Decru's DataFort, and NeoScale Systems CyptoStor are highlighted in a discussion of encryption tools needed by companies that must comply, for instance, with Health Insurance Portability and Accountability Act (HIPAA) to safeguard the personal data of medical patients. For instance, the Dartmouth Medical School's Center for Evaluative Clinical Studies must over see the processing of almost 7TB of raw medical data, so the center purchased two network appliance servers that retain data encrypted until researchers request the information on their secure desktops. The data then goes to backup tapes in an encrypted form. Companies of all sizes are looking at encryption as a way to prevent data theft and to comply with Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, and Gramm-Leach-Bliley, which require protection of Social Security numbers, credit card data, and other private information. Encryption is not required but can provide full coverage without much difficulty. A successful encryption plan includes identification of the correct data to be encrypted, choice of only the encryption technologies needed, and effective encryption key management. DataFort and CryptoStor can run in storage area networks (SANs), network-attached storage system (NAS), iSCSI, and tap infrastructures and they encrypt data at almost wire speed with little latency. Among topics covered are library-based tape encryption, laptop and edge encryption, what needs to be encrypted (8-12 bits of information per record on average, says a Gartner analyst), and requirements for persistent encryption.