Network World

Jon Oltsik

I'm Embarrassed by my State

security

By joltsik on Mon, 08/24/09 - 5:22pm.

In the Commonwealth of Massachusetts, we've had a number of visible public "incidents" to be embarrassed about. Our last 3 State Senate Presidents have been indicted for criminal activities. Previous to this, another State Senate President (who also had his own trouble with the law) has a brother who is an escaped fugitive, accused murderer, and one of the FBI's most wanted. Massachusetts also has the dubious distinction of the "big dig," the biggest public works project of all time that is also highlighted by corruption, shoddy work, and lawsuits galore. Finally, Massachusetts is the home of TJX, the infamous firm with the biggest publicly-disclosed data breach to date.

Yup, all of these incidents are sorry statements about my home state and an embarrassment to its citizens. In spite of these, however, I was extremely proud that Massachusetts passed the toughest data privacy and breach disclosure law, 201 CMR 17, which mandated data encryption for the storage and transmission of the private data of MA residents. This was a gutsy move and showed real vision and leadership.

Unfortunately, now I am embarrassed about this as well. On August 17, the Massachusetts office of Consumer Affairs and Business Regulations (OCABR) delayed the deadline for compliance to March 10, 2010. This is the second delay; the first pushed compliance back from 2009 to January 2010. Now this. Additionally, the legislation has been watered down and is now "risk-based" (whatever that means) to accommodate the needs of small businesses. Our guts, vision, and leadership have been replaced with indecision, ignorance, and politics. Nice going, Beacon Hill.

Now I'll be the first to admit that this legislation isn't perfect and given the economy, the first delay was understandable. This new one is inexcusable, however. In my humble opinion, special interest was given priority over public safety and that is an abomination. Apparently, there are a few things that OCABR doesn't understand:

1. Security threats continue to get worse. Delaying this legislation gives the impression that we have the luxury of time -- we don't! Didn't our legislators read the news about the group that stole 130 records last week? Apparently not.

2. Small businesses are the ones least impacted by this law. The cost of laptop encryption and an email encryption service is negligible. Additionally, small business budget issues are now holding back much needed data security controls at larger firms where private data is already at risk. Forgive my sports analogy, but this is like lowering the baskets in the NBA because some of the shortest players can't dunk as well as Kevin Garnett.

3. This sends the wrong message to other States and the Federal government. We need urgency, action, and cooperation to deal with cybercrime, not pork and bureaucracy.

I hope that the legislators in MA smarten up. The right thing to do is follow the PCI model and phase in compliance with large organizations going first. Rome is burning and my own state is playing the fiddle.

I for one will call my State representative and Senator; I suggest other residents of the Commonwealth do the same. As for other State legislators, Congressmen, and Senators, please disregard the mistakes taking place in Boston. I guess we have embarrassed ourselves too many times to be taken seriously.

About Networking Nuggets and Security Snippets
Jon Oltsik is a principal analyst at Enterprise Strategy Group responsible for the networking and security services at ESG. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. Mr. Oltsik previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all marketing activities and defined the company’s strategic vision. Jon was also a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics. In this role, he was frequently quoted in business journals, including the Wall Street Journal, Business Week, and the New York Times, and was also the recipient of a prestigious "best research" award for his breakthrough report, "The Internet Computing Voyage."