Recently I came across the new Massachusetts state data protection security law that has been passed, and I am wondering whether anyone has taken the initiative to fix their data storage, especially if it deals with MA residents. You can find more about this law via a Google search.
One thing that might make a difference for database vendors and users is storing personal information without any encryption and replicating it across the wire; businesses also need to maintain a Written Information Security Plan (WISP) and file it with the state of Massachusetts.
The main problem is: if you have 1000 users from MA and you did not encrypt their personal identification information (PII), then you or your business might end up paying 5M USD (5K per breach or lost record); the same is the case when you lose data stored on a USB drive, a laptop or whatever…
This also means that if other states and countries start implementing the same rules, then we might see traction on how databases actually store data, by having global encryption at different levels like table, file, database or system level. Microsoft SQL Server 2008 has already started supporting encryption at various levels by introducing Transparent Data Encryption (TDE).
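As an added illustration of the database-level encryption mentioned above (not part of the original post), this is the T-SQL sequence that turns on TDE for one SQL Server 2008 database; the database name `CustomerDB`, the certificate name `TDECert`, the file paths and the password placeholders are assumptions.

```sql
-- Run in master: build the key hierarchy that protects the database key.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
CREATE CERTIFICATE TDECert WITH SUBJECT = 'TDE certificate for CustomerDB';
GO
-- Back up the certificate and private key right away and store them apart
-- from the server: without them an encrypted database or its backups cannot
-- be restored anywhere else (assumed paths).
BACKUP CERTIFICATE TDECert TO FILE = 'C:\keys\TDECert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TDECert.pvk',
                      ENCRYPTION BY PASSWORD = '<backup-password-placeholder>');
GO
-- Switch to the database that holds resident PII (assumed name).
USE CustomerDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDECert;
GO
ALTER DATABASE CustomerDB SET ENCRYPTION ON;
GO
-- Check progress: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS db_name, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
```

TDE encrypts the data and log files and backups at rest, so it covers the lost-laptop and lost-backup case, but it does not protect rows replicated across the wire; that link still needs its own transport encryption.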