201 CMR 17.00 delayed again
Thanks to my friend Jack Daniel for passing this info along. The Office of Consumer Affaris and Business Regulation announced that the deadline of May 1, 2009 has been pushed to January 1, 2010. There have also been some changes made that ease up on some of the requirements.
Is this a good or a bad thing though? The original date was January 1, 2009. Then it was pushed to May 1, 2009. Now we are looking at January 1, 2010. What I see is that every time you push out a deadline the perceived importance is reduced. If it isn’t important enough that people need to act now what will change between now and January 1, 2010 that will make it important? I’m playing devil’s advocate a bit here because I understand the reasons for pushing it out but trying to look at the ramifications of doing so.
For the record, I think a lot of what the state is requiring makes sense. You should not carry Personal Information around on your laptop, usb drive, etc. unencrypted. You shouldn’t send it in the clear via email or wireless networks. You classify your data to know where this type of information lives and secure it accordingly. I’m just not sure that continually pushing the date out is going to help the cause or hurt it.
Filed under: Security | Leave a Comment