This law is beneficial and shares the need for companies to improve their security controls, as highlighted by ESET security

2.1 million users’ data breached in Massachusetts

QUOTE: Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data.

It seems her office received 1,166 data breach notices since January 2010, including 480 between January and August of 2011. About 25 percent were as a result of a deliberate hacking attempt, followed by 23 percent for accidental unauthorized sharing of information, i.e. faxes or e-mails with personal information sent to the wrong recipient. 15 percent of cases were reports of customer credit card numbers. Data was also lost through thefts or accidental losses of laptop computers and paper documents, or in cases in which workers deliberately gained unauthorized access to client files.