My two cents: 1) The definition of "personal data" in the statute is different than "personal information". Both definitions are referenced in this new law. See copy of the "personal data" definition below, it is more wide-ranging that "personal information". 2) Encryption of entire sessions after logging into any internet service is becoming the norm. This means SSL will become more ubiquitous as there are numerous ways that non-SSL sessions can be faked and identities stolen as a result. 3) Small offices should always be concerned of data that is "only in the office". Software bugs, security holes, viruses, etc can always create potential holes in "non-networked" data... and physical security against physical break-in is also important. ---- As defined in Massachusetts General Laws Chapter 66A ... “Personal data”, any information concerning an individual which, because of name, identifying number, mark or description can be readily associated with a particular individual; provided, however, that such information is not contained in a public record, as defined in clause Twenty-sixth of section seven of chapter four and shall not include intelligence information, evaluative information or criminal offender record information as defined in section one hundred and sixty-seven of chapter six." ---- Charles Uchu Strader charles at gaiahost.coop 1-800-672-8060 x803 ----------------------------------------------------- GAIA Host Collective, LLC http://www.gaiahost.coop ----------------------------------------------------- "Internet hosting from an environmentally and socially concerned worker-owned cooperative" -----------------------------------------------------