Massachusetts mandates data security sanity

Don’t panic. SQL Server magazine published “A New Law Could Change the Way You Build Database Applications” a few days ago which gives the initial impression that all of us in the industry have a lot of work to do to comply with Massachusetts’ new legislation on personal information security.

Commenters on Slashdot and reddit were quick to label the piece as much too light, considering the kind of damage identity theft can cause.

It’s annoying that it has been implemented at a US state level (if all states enacted similar legislation, you’d have 50 different sets of rules to keep track of), but the law itself seems sane to me. As our sysadmin succinctly put it: “It looks like a sudden outbreak of common sense.”

If you are in the business of handling confidential personal information and don’t already have a “Written Information Security Plan”, you should probably look into drafting one. The Massachusetts Office of Consumer Affairs and Business Regulation has also done a pretty good job of providing supporting information to help people comply with the new regulations.

Aside: If you’re interested in encryption, Mike Ivanov has put together some great posts on Python cryptography.
