Massachusetts has taken the lead in passing a new regulation -- 201 CMR 17:00 -- that requires companies to implement a comprehensive data security plan that includes encryption. This new regulation implements the provisions of an earlier data breach notification regulation.

This article discusses some aspects of the regulation and offers suggestions on how data security best practices can help with compliance. Companies should discuss the regulation in detail with their legal consul to examine how it affects their unique circumstances and the best course of action to be taken.