Massachusetts Governor Duval Patrick announced yesterday that the Massachusetts Data Protection Law deadline has been extended once again to March 1, 2010 - http://www.mass.gov/?pageID=ocatopic&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca
One of the big considerations in the latest extension is to take into account the need to balance consumer protection and business expenses, especially for small businesses who don't have the resources for an extensive network overhaul (in the midst of a bad recession).
The guidelines in the new law - firewall protection, antivirus protection, anti-spyware protection, and encryption all make business sense right now. Getting a new law into effect is a complicated process, but this should NOT be a signal to businesses to be lax about security measures. The budgetary estimates on the Mass web site are WAY over-stated. A few simple measures right now could vastly improve small business data security, and it doesn't need to be complicated! We are continuing to urge all clients to evaluate their security loopholes NOW and take the simple strategic actions that don't need to cost a lot.