New Privacy Regulations A Burden for Most Massachusetts Companies, A Blessing for Others

take care to secure the encryption keys, and this is an area where we are really strong. We have a simple solution that doesn’t require a huge infrastructure to set up, and we have professional services staff who can help set up these systems inside companies.”

Imprivata of Lexington, MA, is another startup whose software could help some companies meet the new standards. Like several other Massachusetts companies, it makes software that limits access to corporate computers and networks—including “strong authentication” systems that force employees to enter a one-time password, complete a fingerprint scan, or possess an RFID-based “proximity card” in order to log on to a corporate network. Strong authentication “ensures that access to records [is] controlled and you can verify and report on the identity of the user accessing the data,” Imprivata co-founder and CTO David Ting wrote in a recent blog post about the Massachusetts data privacy regulations.

David Ting, founder and CTO of Imprivata“These new regulations put the onus on the business to make sure they’re taking proactive steps to protect sensitive customer information,” Ting notes. “While the new regulations haven’t outlined the potential penalties for violation yet, the threat of a fine shouldn’t be the trigger for an action when it comes to protecting customer information. Nor should businesses wait until they have a breach before getting serious about security—these are common sense steps that all businesses should take to ensure that they’re protecting their critical assets and data.”

Plenty of other Boston-area companies are ready to help with software that protects data stored on company-owned machines or traveling on networks. A quick list of firms mentioned in Xconomy’s pages in the last year and a half would include Aveksa, Bit9, ChosenSecurity, Courion, Core Security, Enterasys, Liquid Machines, Mazu Networks, Memento, NetClarity, NitroSecuity, OpenPages OpenService, Q1 Labs, Rapid7, the RSA division of EMC, Security Innovation, Tizor, Vaultus, and Verdasys.

Through their portfolio companies, Boston-area venture firms have connections to an even longer list of security firms that could end up benefiting from encryption mandates in Massachusetts, Nevada, and the other states considering such rules. Needham, MA-based Prism VentureWorks, for example, is an investor in GuardID of San Mateo, CA, which makes a USB device for PCs that stores encrypted personal data such as credit card numbers and account passwords.

Update, February 16, 2009: OCABR has once again pushed back the implementation date for the new encryption regulations, this time to January 1, 2010. “A sharp change in the business climate, along with the business community’s increased understanding of what is required to protect their customers’ identity, led to the new date,” the office said last week.

Author: Wade Roush

Between 2007 and 2014, I was a staff editor for Xconomy in Boston and San Francisco. Since 2008 I've been writing a weekly opinion/review column called VOX: The Voice of Xperience. (From 2008 to 2013 the column was known as World Wide Wade.) I've been writing about science and technology professionally since 1994. Before joining Xconomy in 2007, I was a staff member at MIT’s Technology Review from 2001 to 2006, serving as senior editor, San Francisco bureau chief, and executive editor of TechnologyReview.com. Before that, I was the Boston bureau reporter for Science, managing editor of supercomputing publications at NASA Ames Research Center, and Web editor at e-book pioneer NuvoMedia. I have a B.A. in the history of science from Harvard College and a PhD in the history and social study of science and technology from MIT. I've published articles in Science, Technology Review, IEEE Spectrum, Encyclopaedia Brittanica, Technology and Culture, Alaska Airlines Magazine, and World Business, and I've been a guest of NPR, CNN, CNBC, NECN, WGBH and the PBS NewsHour. I'm a frequent conference participant and enjoy opportunities to moderate panel discussions and on-stage chats. My personal site: waderoush.com My social media coordinates: Twitter: @wroush Facebook: facebook.com/wade.roush LinkedIn: linkedin.com/in/waderoush Google+ : google.com/+WadeRoush YouTube: youtube.com/wroush1967 Flickr: flickr.com/photos/wroush/ Pinterest: pinterest.com/waderoush/