Friday, February 13, 2009

Massachusetts Postpones Reporting Law

Massachusetts' Office of Consumer Affairs and Business Regulation announced Thursday that it has revised the state's new identity theft and data breach prevention law. Companies doing business in the Bay State now have until January 1, 2010, to come into compliance with the law's strict security provisions. The law, originally scheduled to take effect in January of this year, had already been delayed to May 1, 2009 while state authorities considered both how to enforce its provisions and how to communicate the state's expectations to the Massachusetts business community.

This Massachusetts legislation will become the strictest such law in America when enforcement begins 11 months from now. In the meantime Pennsylvania and several other states are considering stiffer breach reporting standards and compliance language.

1 comment:

George said...

I live and work in Massachusetts. I was disappointed to hear about the delay with this law. Companies need to do more to protect the sensitive data of employees, former employees, and customers. Responsibility and accountability are important.