>>>>> David Korpiewski <davidk at cs.umass.edu> writes: > I was just notified about a new Massachusetts data encryption law that is > going into effect May 1, 2009. It is pretty harsh and requires all data > with personal information to be encrypted, even on backup tapes. IMHO, 201 CMR 17.00 is long overdue. Fortunately for folks responsible for implementing it, on 2/12 the Mass Office of Consumer Affairs and Business Regulation issued a few amendments -- and another extension. Under the extension, the rules will now take effect 1 January 2010. (The amendments make the standard for third party vendor relationships more reasonable, and -- for some unknown reason -- omit the requirement for encryption to personal data transmitted over public networks or wireless communications.) -- Roger Williams <roger at qux.com> Chief Technical Officer, Qux Corporation 433 West Street, Suite 8, Amherst, MA 01002, USA Tel +1 413 253-6400 * Fax +1 508 302-0230 * GSM +1 508 287-1420