The Identity Theft Resource Center noted that the number of reported breaches in 2008 rose to 656, almost 50% more than in 2007. 2009 looks to be even worse than 2008, with 155 breaches as of mid-April, exposing the records of more than 1.7 million people.
Data breaches have always been a risk, are extremely costly to deal with and have a negative impact on a firm's reputation. Now firms will need to take all of the necessary steps and make the appropriate investments to ensure compliance with the new laws if they have employees and/or customers in Massachusetts.
While there is time to put the proper policies, procedures and systems in place, the deadline will arrive quickly and the risks of not putting a program in place thoughtfully are tremendous.