March 1, 2021
A New Massachusetts Law Could Radically Change How You Build Database Applications

  • By Developer.com Staff

Massachusetts recently passed a radical data security law that could drastically change how database Web applications are built in any state.

According to a story by Brian Moran in SQL Server Magazine, the Massachusetts law deals with sending any personally identifiable information about any Massachusetts resident.

"Sending PII over HTTP instead of HTTPS? That's a big no no," Moran said. "Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You'll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted that's $5,000,000. Yikes."

The law also specifies that companies will need to file a Written Information Security Plan with the state of Massachusetts.

"The WISP must address and outline your business's 'technical, administrative, and physical safeguards' that are in place to protect the data. If you lost a laptop without a WISP being filed with Massachusetts, you’re potentially on the hook for a cool million even if the data was encrypted. Yikes again," Moran said.

The law doesn't just affect Massachusetts businesses; it applies to any company that stores personally identifiable information about Massachusetts residents.

You can read the law for yourself here (PDF).

This article was originally published on April 26, 2010
