Threatpost, Kaspersky Lab's security news blog, reported today that the hacking of a New York-based tour company's website, which exposed customer credit card information, may be the first real test of Massachusetts' stringent new data privacy laws. See the full article here.
The Massachusetts law, which went into effect on March 1, 2010, is particularly aggressive as it covers the treatment of sensitive data of Massachusetts citizens by individuals and companies outside of Massachusetts.
This case is likely to be instructive about the dangers faced by companies that handle and/or retain sensitive data, and it points up the need for comprehensive policies and procedures to deal with data handling and, in worst-case scenarios, data breaches.
Unfortunately, the Massachusetts data privacy law makes it clear that these policies and procedures must be compliant not only with local laws, but also with the laws of other jurisdictions, such as Massachusetts, which extend the reach of their privacy laws beyond their own borders.
All of this begs the question: Are your company's data policies and procedures up to date and sufficient to protect your company? If not, or if you are not sure, the time to remedy this is now!