Massachusetts has elected to delay implementation of its tough new data breach regulations from January 1 to May 1, 2009.
The regulations, among the most stringent in the nation, would require any entity holding personal information on Massachusetts residents -- whether located within or outside of Massachusetts -- to, among other things, encrypt records and files containing personal information that will be transmitted over a public network or wirelessly; introduce secure user authentication protocols and other security measures; put in place an information security program, including firewall protection; monitor unauthorized use of their systems; and create an inventory of their systems that maintain defined personal information on Massachusetts residents.
While it is hard to argue with the goals of the regulations, they are an example of the difficulties faced by small and large businesses alike when trying to deal with sometimes conflicting local attempts to legislate computer security.