An InformationWeek report says the Massachusetts data protection law that took effect March 1 is "a prime example of the increasingly aggressive role states are taking to protect their citizens" and "could spur similar legislation in other states." The law is unique in that it requires any business that holds the personal information of Massachusetts residents to attest that it has a working information security program in place and to encrypt data in motion and at rest. The report suggests a three-pronged approach toward compliance, advising, among other things, that "End-user training is critical...skimping on education could cost you."
Comments
If you want to comment on this post, you need to login.