The following article was brought to my attention yesterday:
It references the following article:
These articles describe a new data protection law for the
state of Massachusetts
– any “personally identifiable information” (such as first
and last name) for any resident of the state of Massachusetts must be encrypted
in your database and “over the wire”. Fines may be levied in
the order of $5000 per instance. Organizations based outside the state of
Massachusetts (having information about residents of the state of Massachusetts
in their databases) are affected as well.