Nevada was the first state to enact a law requiring entities that transfer customer personal information outside of the secure system of the business through an electronic transmission (other than a facsimile) to use encryption. In late 2008, Massachusetts was the second state to pass legislation that mandates the use of encryption. Michigan is considering similar legislation. This is an area to watch as other states could consider such legislation.
The Massachusetts legislation goes beyond encryption, also requiring entities to develop, implement, maintain and monitor a comprehensive, written information security program on or before Jan. 1, 2010. This article describes the application of and the compliance requirements for the first-of-its kind Massachusetts regulation issued by the Massachusetts Office of Consumer Affairs and Business Regulation ("MOCABR").
Click here to view the full article.