New regulations implemented in Massachusetts requiring that companies encrypt documents sent over the Internet or saved on laptops or flash drives have been revised to make the process easier for small businesses. Under the regulations, wirelessly transmitted data must be protected and firewalls must be up to date. The revised regulations are risk-based in implementation, meaning that the administrative, technical, and physical safeguards necessary are based on several factors, such as the size, scope, and type of business; the resources available; the amount of data stored; and the need for security and confidentiality of the information. Businesses in the state must meet the new regulations by March 1, 2010.
Australia has enacted a new amendment that will broaden the definition of personal information and require more transparency from organizations on how that personal information is stored. The new law, The Privacy Regulation 2013, is part of the broader Privacy Amendment Act of 2012 and applies to companies with revenues of more than AUD 3 million that collect information, such as names, contact details, payment information, or other details related to a specific person, for any purpose.