The deadline for compliance to the new Massachusetts Data Privacy legislation has been extended AGAIN to January 1, 2010. The original deadline was January 1, 2009. Last November, the deadline was extended to May 1, 2009, and just recently the deadline was extended again to January 1, 2010: http://www.mass.gov/?pageID=ocapressrelease&L=1&L0=Home&sid=Eoca&b=pressrelease&f=20090212_idtheft&csid=Eoca
There are no specific penalties for non compliance, but the door is opened for legal action by the state's attorney general. http://www.networkworld.com/news/2009/021209-mass-data-privacy.html?page=1
We are advising our clients that if they are running an up to date computer infrastructure they are probably already in compliance for most items, and regardless of what the State does, these are good business practices to follow. In many cases only a few relatively small and inexpensive changes will needed for compliance. Its a bit frustrating that the news keeps changing from the State government, but protecting your critical business information makes business sense right now. What would you do if your laptop were stolen and someone had access to all your information? Encrypt your portable devices NOW and don't get caught up with all the political changes!