Massachusetts has adopted final data security regulations that are now fully effective Jan. 1, 2010, and will affect almost every business in the state (and others outside Massachusetts), large and small, including law firms.

These requirements are currently the most rigorous in the country, outstripping California and the new federal Red Flag rules for financial institutions and creditors. The regulations will require significant security and other policy changes, including encryption of laptops, PDAs and wireless communications, and, as many are rapidly realizing, will involve far more work than first anticipated.

Click here to read further analysis of the regulations and their impact.