The Massachusetts Office of Consumer Affairs and Business Regulation has extended the deadline for compliance with the state's new information security regulations from May 1, 2009, to January 1, 2010. The regulations require all businesses that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program.

The regulations had originally been scheduled to take effect on January 1, 2009. The recent turmoil in the business world, along with the business community's increased understanding of what the law requires, led to the extended deadline.