Massachusetts' Office of Consumer Affairs and Business Regulation announced Thursday that it has revised the state's new identity theft and data breach prevention law. Companies doing business in the Bay State now have until January 1, 2010, to come into compliance with the law's strict security provisions. The law, originally scheduled to take effect in January of this year, had already been delayed to May 1, 2009 while state authorities considered both how to enforce its provisions and how to communicate the state's expectations to the Massachusetts business community.
This Massachusetts legislation will become the strictest such law in America when enforcement begins 11 months from now. In the meantime Pennsylvania and several other states are considering stiffer breach reporting standards and compliance language.