After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe.
Discussion continues and questions abound. Will this set the bar nationwide as the articulation of what constitutes "reasonable security" for personal information? How should companies handle the varying risk of harm standards when dealing with state laws and federal law, such as the HITECH Act?