On March 1, a law went into effect in Massachusetts mandating that all companies that store personal information about customers must improve their overall data security. The companies must draft and install a written information security program that is appropriate to the size and overall scope of the company.

The mandate also requires companies to have an employee specifically responsible for maintaining the ISP and the overall integrity of any data stored by the company. It is expected that the Massachusetts law will become the standard across the nation as reports of computer hacking attacks on companies continue to be an attractive option for cyber criminals.

"Every person that owns or licenses personal information about a resident of the Commonwealth and electronically stores or transmits such information shall include in its written, comprehensive information security program the establishment and maintenance of a security system covering its computers, including any wireless system," the law reads.

Attacks on companies like Google and Intel have dominated most of the national news in recent months, but, in January 2007, Massachusetts-based TJX, parent company of several retail chains, announced that hackers stole the credit-card information of more than 40 million customers.ADNFCR-2553-ID-19654570-ADNFCR