Many U.S. state laws require that businesses adopt reasonable measures to protect personal information and/or dispose of personal information in an appropriate manner. The data security regulations issued by the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”), however, impose far more detailed and comprehensive data security requirements than most, if not all, other states. With the compliance date for the Massachusetts data security regulations—March 1, 2010—only two weeks away, organizations would be well advised to take a fresh look at their policies and procedures.