The compliance date for the data security regulations issued by the Massachusetts Office of Consumer Affairs and Business Regulation has finally arrived—March 1, 2010. The Massachusetts regulations impose far more detailed and comprehensive data security requirements than most, if not all, other states. For example, the regulations require that a business develop, implement, maintain, and monitor a comprehensive, written information security program that contains administrative, technical, and physical safeguards to ensure the security and confidentiality of records containing personal information relating to Massachusetts residents. Beyond its general, risk-based information security program requirement and related administrative requirements, the Massachusetts regulations also require that a business implement a number of detailed and specific measures, including implementing secure user authentication protocols and access control measures for computer systems.