Consider the data that Amazon.com obtains on an individual with the sale of one book. They know the buyer’s name, address, credit card information, and some buying behavior information, all with one transaction. Now consider the information obtained when walking into your local bookstore, paying cash for the same book and walking out. The “brick and mortar” seller makes the same sale, but gets no personal information. Thus, many of these privacy issues are attributable to consumers’ online behavior. Additionally, blogs, Tweets and other social media have eroded, for better or worse, the line between information that is private and that which is public. In this context, Mr. Schmidt’s comment is valid.
Of immediate concern to those of us working with data is a regulation passed by the Commonwealth of Massachusetts. This new regulation (201 CMR 17.00 et seq.), implemented through the State’s Consumer Protection Law (Massachusetts General Law, Chapter 93H), is generally acknowledged to be the strictest in the nation (at least so far). Copies of the laws and regulations are available for download at the White Space Resource Center. These new regulations, which went into effect on March 1, 2010, mandate that all businesses that collect, handle or own certain information on Massachusetts residents institute, and make available for inspection, a comprehensive written information security program.
Before you think, “Heck, my business is not in Massachusetts, I don’t care what they say in Beantown,” hold on a minute. The law does not care where your business is. If you possess personal information on any Massachusetts residents, you are legally required to comply with the data security law. And that is not necessarily a bad thing.