On March 1, the Massachusetts Data Privacy Law 201 CMR 17 came into effect. This law applies to any company, wherever it’s based, that keeps personal information of Massachusetts citizens; with it’s purpose being to ensure more strict protective measures are enforced in order to prevent breaches from occurring.
Companies who do not have an overarching security policy framework complying with the measures set by Massachusetts, and the means to enforce it, could pay penalties up to $5,000. The law does detail what types of security provisions companies will need, though there are no specifically required database security products; they will also need to document their security compliance policy, and will be audited against that in the future.
Basically, the law is designed to goad businesses without database security into action, and companies that already have that in place should not really need to change anything.
