Josh Beckman

I’d argue that field-level encryption should be a starting place for new application development, and in particular field-level encryption with distinct keys for each entity you might contract with (e.g. each business for a business-to-business product, each user for a consumer product).
lethain.com: A Brief Rant on Converging Compliance Regimes.
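
A sketch of field-level encryption with a distinct key per entity, as an added example that is not from the quoted article or from this page's author. It assumes per-tenant keys are derived with HKDF from one master key (a random stand-in here for a KMS-held key); the function names, tenant ids and field names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the master key lives in a KMS/HSM.
// Here it is random per process, for demonstration only.
const MASTER_KEY = crypto.randomBytes(32);

// Derive a distinct 256-bit key for each entity (tenant) with HKDF-SHA256.
function tenantKey(tenantId) {
  const info = `field-encryption:${tenantId}`;
  return Buffer.from(
    crypto.hkdfSync('sha256', MASTER_KEY, Buffer.alloc(0), info, 32));
}

// Tenant id and field name are bound as AAD, so a ciphertext cannot be
// moved to another column even when the key is the right one.
function aadFor(tenantId, field) {
  return Buffer.from(JSON.stringify([tenantId, field]));
}

// Encrypt one field value. Stored form: base64(iv || tag || ciphertext).
function encryptField(tenantId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', tenantKey(tenantId), iv);
  cipher.setAAD(aadFor(tenantId, field));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt one field value; throws if the key, AAD or ciphertext is wrong.
function decryptField(tenantId, field, stored) {
  const raw = Buffer.from(stored, 'base64');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', tenantKey(tenantId), iv);
  decipher.setAAD(aadFor(tenantId, field));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// True when decryption is rejected (another tenant's key, or another field).
function isRejected(tenantId, field, stored) {
  try {
    decryptField(tenantId, field, stored);
    return false;
  } catch {
    return true;
  }
}
```

A value encrypted for one tenant fails authentication under any other tenant's key, so a query that returns the wrong tenant's row yields an error rather than plaintext.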