Nick Akerman and Melissa J. Krasnow have an article in The National Law Journal:
Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores or maintains personal information about a Massachusetts resident. This article discusses the requirements of these new state laws and their practical significance for businesses.