Massachusetts Passes Sweeping Data Security Law

By Deane Barker on April 28, 2010

A New Law that Will Change the Way You Build Database Applications: Whoa.  I’ll be fascinated to see how this develops.  If it’s valid, and it stands, it will have a significant effect on how any nationally scoped app is built.

If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it’s persisted. Sending PII over HTTP instead of HTTPS? That’s a big no-no. Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You’ll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted, that’s $5,000,000. Yikes.
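What "encrypted on the wire and as it's persisted" looks like in application code, as an added example that is not from the quoted article or from the law itself: each PII column is sealed with AES-256-GCM before it reaches the datastore, the row ID and column name are bound in as associated data so a ciphertext cannot be quietly moved between rows or columns, and outbound endpoints are refused unless they use HTTPS. The key-loading step, the in-memory "row" standing in for a database table, and the names `PIIVault`, `Seal`, `Open` and `RequireTLS` are all assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// PIIVault encrypts individual PII fields with AES-256-GCM before they are
// handed to a datastore, so the store only ever holds ciphertext.
type PIIVault struct {
	aead cipher.AEAD
}

// NewPIIVault wraps a 32-byte key. In a real deployment the key comes from a
// KMS or HSM, never from the same database that holds the ciphertext.
func NewPIIVault(key []byte) (*PIIVault, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &PIIVault{aead: aead}, nil
}

// Seal encrypts one field value. The record ID and column name are bound as
// associated data, so a ciphertext pasted into another row or column fails
// authentication when opened. Output is base64(nonce || ciphertext || tag).
func (v *PIIVault) Seal(recordID, column, value string) (string, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	aad := []byte(recordID + "|" + column)
	ct := v.aead.Seal(nil, nonce, []byte(value), aad)
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// Open reverses Seal; any tampering or context mismatch yields an error.
func (v *PIIVault) Open(recordID, column, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := v.aead.NonceSize()
	if len(raw) < ns {
		return "", errors.New("ciphertext too short")
	}
	aad := []byte(recordID + "|" + column)
	pt, err := v.aead.Open(nil, raw[:ns], raw[ns:], aad)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// RequireTLS rejects any endpoint that would carry PII over plain HTTP.
func RequireTLS(endpoint string) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return err
	}
	if !strings.EqualFold(u.Scheme, "https") {
		return fmt.Errorf("refusing to send PII over %q: TLS required", u.Scheme)
	}
	return nil
}

func main() {
	// Constructed demo key; a real key is fetched from a KMS at startup.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	vault, _ := NewPIIVault(key)

	// A "row" standing in for a customers table: only ciphertext is stored.
	row := map[string]string{"id": "1001"}
	row["first_name"], _ = vault.Seal(row["id"], "first_name", "Jane")
	row["last_name"], _ = vault.Seal(row["id"], "last_name", "Doe")
	fmt.Println("stored:", row)

	first, _ := vault.Open(row["id"], "first_name", row["first_name"])
	fmt.Println("decrypted first_name:", first)

	fmt.Println("http  ->", RequireTLS("http://crm.example/api/customers"))
	fmt.Println("https ->", RequireTLS("https://crm.example/api/customers"))
}
```

The associated data is the part worth copying: encryption alone keeps a stolen dump unreadable, but binding each ciphertext to its row and column also stops an attacker with write access from swapping one customer's sealed name into another record without detection.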
