State Legislation: Massachusetts: Identity Theft

New regulations implemented in Massachusetts requiring that companies encrypt documents sent over the Internet or saved on laptops or flash drives have been revised to make the process easier for small businesses. Under the regulations, wirelessly transmitted data must be protected and firewalls must be up to date. The revised regulations are risk-based in implementation, meaning that the administrative, technical, and physical safeguards necessary are based on several factors, such as the size, scope, and type of business; the resources available; the amount of data stored; and the need for security and confidentiality of the information. Businesses in the state must meet the new regulations by March 1, 2010.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.