more Quotes
Tips and Tricks


Applicable OS

Web Link




New Law in Massachusetts regarding databases

SQL Server

New Massachusetts database law link

This new law will change the way all databases will be built in the future. The following article outlines some of the implications of this new law and the penalties.

April 2010


Document No


A New Law Could Change the Way You Build Database Applications

April 22, 2010 01:04 PM SQL Server Magazine by Brian Moran

Massachusetts recently passed a sweeping new data security law that will have a profound impact on the way the United States, and perhaps the rest of the world, manages and develops data-centric applications. Oddly, most people in the business don’t seem to know about it.

Google “Massachusetts data security law, 201 CMR 17.00” and you’ll find plenty of facts about the new law. I also encourage you to read InformationWeek’s "States' Rights Come to Security Forefront: Massachusetts' new data protection law reaches beyond its borders. Are you ready?" It’s one of the best summaries I’ve seen. But even it falls short of helping you understand the profound impact of this law.

Here are the basics of the new law. If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it’s persisted. Sending PII over HTTP instead of HTTPS? That’s a big no no. Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You’ll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted that’s $5,000,000. Yikes.

Perhaps just as much fun is the fact that to be compliant with the law your company will also need to maintain a Written Information Security Plan (WISP) and file it with the state of Massachusetts. The WISP must address and outline your business’s “technical, administrative, and physical safeguards” that are in place to protect the data. If you lost a laptop without a WISP being filed with Massachusetts, you’re potentially on the hook for a cool million even if the data was encrypted. Yikes again.

If I didn’t know better, I’d think the security czar of Massachusetts (or whatever the title is of the person who wrote this law) was a SQL Server sales executive because the law could sell a heck of a lot of SQL Server 2008 Enterprise Edition upgrades to get Transparent Data Encryption and other useful Enterprise Edition–only features in the OS and database stack.

By the way, this law doesn’t affect just businesses in MA. It also affects businesses that have PII for Massachusetts residents. Do you know if the application you’re building for a company in Virginia might ever store Massachusetts resident data? Unless you’re sure that it never, ever will, you better be compliant with Massachusetts data security law, 201 CMR 17.00. What if you’re sure and then one of your employees moves from Virginia to Massachusetts? Well, now you probably have PII for a MA resident. Yikes again. This law changes pretty much everything we need to do and think about with respect to building database applications.

I could wax eloquently on about the potential battle of states’ rights versus federal oversight and the potential for a Supreme Court challenge based on the Commerce Clause, but, this is an article for geeks, so I won’t go there. Instead, I’ll simply say once again: yikes.

Please check out for a nice review of SQL Server 2008 Enterprise Edition security features compared and contrasted to other ways to encrypt data on a Microsoft data stack.

Helping you turn more prospects into Customers

© Copyright 2012  All rights reserved. Last Updated Tuesday, July 17, 2012
TAGS: Crm made easy, making CRM successful, How to Benefit from CRM, Continuous Improvement, CRM Success Tips, CRM Strategy, CRM Database, Integrity, CRM Effectiveness, Marketing Strategy, Campaigns ACT Software - ACT! Software Support - Australian ACT Consultants - Australian ACT Support Australian ACT! Support


Helping you turn more prospects into customers

Quick links

Windows Tips & Tricks
Some Windows tips to help you become more productive.

ACT! Tips & Tricks
A range of tips for ACT! users to save you time.

Remote Support
When you have a problem we may be able to connect to your machine remotely and resolve without having to schedule an on-site visit.

Existing Clients
Our client list may be in your industry.

Find updates for your system.