The following article was brought to my attention yesterday: http://www.sqlmag.com/print/sql-server/A-New-Law-that-Will-Change-the-Way-Yo u-Build-Database-Applications.aspx It references the following article: http://www.informationweek.com/news/security/government/showArticle.jhtml?ar ticleID=224400426 <http://www.informationweek.com/news/security/government/showArticle.jhtml?a rticleID=224400426&queryText=massachusetts%20cmr> &queryText=massachusetts%20cmr These articles describe a new data protection law for the state of Massachusetts - any "personally identifiable information" (such as first and last name) for any resident of the state of Massachusetts must be encrypted in your database and "over the wire". Fines may be levied in the order of $5000 per instance. Organizations based outside the state of Massachusetts (having information about residents of the state of Massachusetts in their databases) are affected as well.