State delays new security rules for businesses
State officials have pushed back the date that strict new data security rules for businesses will take effect to Jan. 1, citing the poor economy and saying companies needed more time to get ready.
The rules, among the tightest of any state, will require all businesses that handle sensitive personal information such as names and Social Security numbers to encrypt the data, making it harder to misuse if lost or stolen. They also require companies to develop a security program around personal data. This is the second time the Patrick administration has delayed the start date of the rules, previously set to take effect on May 1.
Daniel Crane, undersecretary for consumer affairs and business regulation, said the rules also remove a requirement that businesses get a written certification from business partners that they meet certain security standards, saying it would amount to ''busy work.''
"I think we've gotten the business community's attention,'' Crane said. "We're giving people more time to address this, and in the current economy, they'll get it done and we'll have a high level of compliance come January.''
(By Ross Kerber, Globe Staff)